ONE Security Vulnerabilities
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to...
7.5CVSS
7.6AI Score
0.758EPSS
SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely...
4.4CVSS
4.7AI Score
0.001EPSS
Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting...
6.1CVSS
6AI Score
0.001EPSS
The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion...
7.2CVSS
6.8AI Score
0.025EPSS
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local.....
9.1CVSS
7.6AI Score
0.001EPSS
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM...
6.1CVSS
5.9AI Score
0.001EPSS
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM...
6.5CVSS
6.4AI Score
0.001EPSS
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and...
7.2CVSS
7.2AI Score
0.002EPSS
A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit...
5.5CVSS
5.6AI Score
0.0004EPSS
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is....
9.8CVSS
9.8AI Score
0.004EPSS
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
7.8CVSS
7.6AI Score
0.0004EPSS
An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit...
7.8CVSS
7.7AI Score
0.0004EPSS
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the...
7.8CVSS
7.7AI Score
0.0004EPSS
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the...
7.8CVSS
7.7AI Score
0.0004EPSS
Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute...
7.8CVSS
7.8AI Score
0.0004EPSS
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected...
7.5CVSS
7.4AI Score
0.001EPSS
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the...
7.8CVSS
7.7AI Score
0.0004EPSS
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code.....
7.8CVSS
7.9AI Score
0.0004EPSS
An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit...
7.8CVSS
7.7AI Score
0.0004EPSS
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the...
7.8CVSS
7.7AI Score
0.0004EPSS
An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
7.8CVSS
7.8AI Score
0.0004EPSS
The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting...
5.4CVSS
5.3AI Score
0.001EPSS
The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF...
6.5CVSS
6.4AI Score
0.001EPSS
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User...
4.9CVSS
5AI Score
0.001EPSS
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while....
9.8CVSS
9.9AI Score
0.003EPSS
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's.....
9.8CVSS
9.5AI Score
0.002EPSS
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform...
8.1CVSS
7.9AI Score
0.001EPSS
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code...
9.8CVSS
9.8AI Score
0.003EPSS
An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins...
5.3CVSS
5.2AI Score
0.001EPSS
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a...
5.5CVSS
5.9AI Score
0.0004EPSS
SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of.....
7.8CVSS
7.3AI Score
0.0004EPSS
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack,....
8.8CVSS
8.5AI Score
0.001EPSS
SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format...
8.8CVSS
8.6AI Score
0.001EPSS
SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged...
4.3CVSS
4.4AI Score
0.001EPSS
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be...
4.3CVSS
4.7AI Score
0.001EPSS
SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive...
6.5CVSS
6.3AI Score
0.001EPSS
Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or...
5.3CVSS
5.2AI Score
0.001EPSS
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in...
9.8CVSS
9.3AI Score
0.003EPSS
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and...
7.5CVSS
8.6AI Score
0.001EPSS
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate...
7.5CVSS
7.3AI Score
0.001EPSS
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute...
8.8CVSS
8.9AI Score
0.009EPSS
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to...
7.8CVSS
7.8AI Score
0.0004EPSS
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute...
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the...
An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected...
7.8CVSS
7.7AI Score
0.0004EPSS
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI...
7.5CVSS
7.7AI Score
0.001EPSS
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI...
7.5CVSS
7.7AI Score
0.001EPSS
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI...
7.5CVSS
7.7AI Score
0.0004EPSS
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and....
6.5CVSS
6.8AI Score
0.002EPSS
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be...
4.4CVSS
4.6AI Score
0.0004EPSS