Lucene search

K

Data Center Expert Security Vulnerabilities

cve
cve

CVE-2023-37199

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually...

7.2CVSS

7.5AI Score

0.001EPSS

2023-07-12 08:15 AM
13
cve
cve

CVE-2023-37198

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install...

7.2CVSS

7.5AI Score

0.001EPSS

2023-07-12 07:15 AM
6
cve
cve

CVE-2023-37197

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the.....

8.8CVSS

8.6AI Score

0.001EPSS

2023-07-12 07:15 AM
9
cve
cve

CVE-2023-37196

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the.....

8.8CVSS

8.6AI Score

0.001EPSS

2023-07-12 07:15 AM
13
cve
cve

CVE-2023-25554

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-04-18 09:15 PM
17
2
cve
cve

CVE-2023-25555

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2.....

8.1CVSS

8.1AI Score

0.001EPSS

2023-04-18 09:15 PM
14
cve
cve

CVE-2023-25550

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and...

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-18 09:15 PM
13
cve
cve

CVE-2023-25549

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and...

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-18 09:15 PM
17
cve
cve

CVE-2023-25548

A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and...

8.8CVSS

6.4AI Score

0.001EPSS

2023-04-18 09:15 PM
12
cve
cve

CVE-2023-25551

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-04-18 09:15 PM
10
cve
cve

CVE-2023-25553

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-04-18 09:15 PM
15
cve
cve

CVE-2023-25552

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert...

8.1CVSS

8AI Score

0.001EPSS

2023-04-18 09:15 PM
16
cve
cve

CVE-2023-25547

A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and...

8.8CVSS

8.7AI Score

0.001EPSS

2023-04-18 09:15 PM
17
2
cve
cve

CVE-2022-32519

A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to...

9.8CVSS

9.1AI Score

0.002EPSS

2023-01-30 11:15 PM
19
cve
cve

CVE-2022-32521

A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to...

8.8CVSS

8.6AI Score

0.001EPSS

2023-01-30 11:15 PM
16
cve
cve

CVE-2022-32518

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to...

9.8CVSS

9.2AI Score

0.002EPSS

2023-01-30 11:15 PM
20
cve
cve

CVE-2022-32520

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to...

9.8CVSS

9.2AI Score

0.002EPSS

2023-01-30 11:15 PM
17
cve
cve

CVE-2017-8371

Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified...

6.8CVSS

6.3AI Score

0.001EPSS

2022-10-03 04:23 PM
22
cve
cve

CVE-2021-22794

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and...

9.8CVSS

9.6AI Score

0.005EPSS

2022-04-13 04:15 PM
36
cve
cve

CVE-2021-22795

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and...

9.8CVSS

9.8AI Score

0.004EPSS

2022-04-13 04:15 PM
31
cve
cve

CVE-2018-7807

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could...

8.8CVSS

8.5AI Score

0.001EPSS

2018-11-30 07:29 PM
22
cve
cve

CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of...

7.5CVSS

7.3AI Score

0.783EPSS

2018-08-06 08:29 PM
387
cve
cve

CVE-2018-3693

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel...

5.6CVSS

6.3AI Score

0.001EPSS

2018-07-10 09:29 PM
229
4
cve
cve

CVE-2018-1124

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code...

7.8CVSS

8.3AI Score

0.0005EPSS

2018-05-23 01:29 PM
254
2
cve
cve

CVE-2018-1126

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to...

9.8CVSS

7.7AI Score

0.005EPSS

2018-05-23 01:29 PM
320
2
cve
cve

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store....

5.5CVSS

5.9AI Score

0.003EPSS

2018-05-22 12:29 PM
538
In Wild
2
cve
cve

CVE-2018-2826

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require....

8.3CVSS

8AI Score

0.004EPSS

2018-04-19 02:29 AM
81
cve
cve

CVE-2018-2825

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require....

8.3CVSS

8AI Score

0.004EPSS

2018-04-19 02:29 AM
73
cve
cve

CVE-2018-2815

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS

4.9AI Score

0.003EPSS

2018-04-19 02:29 AM
139
cve
cve

CVE-2018-2814

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.3CVSS

8.1AI Score

0.003EPSS

2018-04-19 02:29 AM
155
cve
cve

CVE-2018-2811

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE....

7.7CVSS

7.5AI Score

0.001EPSS

2018-04-19 02:29 AM
65
cve
cve

CVE-2018-2796

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with.....

5.3CVSS

5AI Score

0.004EPSS

2018-04-19 02:29 AM
135
cve
cve

CVE-2018-2798

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

5.3CVSS

5AI Score

0.004EPSS

2018-04-19 02:29 AM
125
cve
cve

CVE-2018-2800

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

4.2CVSS

4.3AI Score

0.002EPSS

2018-04-19 02:29 AM
136
cve
cve

CVE-2018-2797

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

5.3CVSS

5AI Score

0.004EPSS

2018-04-19 02:29 AM
132
cve
cve

CVE-2018-2794

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where...

7.7CVSS

7.7AI Score

0.001EPSS

2018-04-19 02:29 AM
131
cve
cve

CVE-2018-2795

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker...

5.3CVSS

5AI Score

0.004EPSS

2018-04-19 02:29 AM
116
cve
cve

CVE-2018-2799

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network....

5.3CVSS

5AI Score

0.002EPSS

2018-04-19 02:29 AM
163
cve
cve

CVE-2018-2790

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.1CVSS

3.9AI Score

0.002EPSS

2018-04-19 02:29 AM
151
cve
cve

CVE-2018-2678

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker...

4.3CVSS

4.3AI Score

0.003EPSS

2018-01-18 02:29 AM
123
cve
cve

CVE-2018-2663

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated...

4.3CVSS

4.3AI Score

0.003EPSS

2018-01-18 02:29 AM
116
cve
cve

CVE-2018-2677

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

4.3CVSS

4.4AI Score

0.003EPSS

2018-01-18 02:29 AM
149
cve
cve

CVE-2018-2657

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

5.3CVSS

4.7AI Score

0.004EPSS

2018-01-18 02:29 AM
88
cve
cve

CVE-2018-2634

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

6.8CVSS

6.2AI Score

0.002EPSS

2018-01-18 02:29 AM
131
cve
cve

CVE-2018-2627

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE....

7.5CVSS

7.4AI Score

0.0005EPSS

2018-01-18 02:29 AM
63
cve
cve

CVE-2018-2641

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

6.1CVSS

5.9AI Score

0.002EPSS

2018-01-18 02:29 AM
140
cve
cve

CVE-2018-2633

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker.....

8.3CVSS

6.8AI Score

0.003EPSS

2018-01-18 02:29 AM
142
cve
cve

CVE-2018-2637

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker...

7.4CVSS

6.2AI Score

0.002EPSS

2018-01-18 02:29 AM
137
cve
cve

CVE-2018-2629

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker.....

5.3CVSS

5AI Score

0.002EPSS

2018-01-18 02:29 AM
138
cve
cve

CVE-2018-2638

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

8.3CVSS

8AI Score

0.007EPSS

2018-01-18 02:29 AM
78
Total number of security vulnerabilities58