Lucene search

K

Performance Management Security Vulnerabilities

cve
cve

CVE-2023-3440

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management -...

8.4CVSS

7.6AI Score

0.0004EPSS

2023-10-03 02:15 AM
43
cve
cve

CVE-2022-41646

Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-05-10 02:15 PM
19
cve
cve

CVE-2022-37409

Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local...

5.5CVSS

5.1AI Score

0.0004EPSS

2023-05-10 02:15 PM
14
cve
cve

CVE-2022-2155

A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a.....

7.1CVSS

6.7AI Score

0.001EPSS

2023-01-12 03:15 PM
18
cve
cve

CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

7.5CVSS

7.7AI Score

0.007EPSS

2022-11-09 07:15 AM
373
4
cve
cve

CVE-2020-36530

A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated...

8.8CVSS

8.8AI Score

0.001EPSS

2022-06-07 06:15 PM
25
5
cve
cve

CVE-2020-36531

A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated...

8.8CVSS

8.8AI Score

0.001EPSS

2022-06-07 06:15 PM
19
5
cve
cve

CVE-2020-36529

A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack...

8.8CVSS

9.2AI Score

0.001EPSS

2022-06-07 06:15 PM
21
5
cve
cve

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...

5.9CVSS

7.5AI Score

0.966EPSS

2021-12-18 12:15 PM
752
In Wild
4
cve
cve

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option......

8.3CVSS

8.5AI Score

0.013EPSS

2021-07-21 03:15 PM
157
9
cve
cve

CVE-2021-27887

Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3...

6.3CVSS

5.2AI Score

0.001EPSS

2021-06-14 10:15 PM
42
3
cve
cve

CVE-2021-22514

An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of...

9.8CVSS

9.7AI Score

0.007EPSS

2021-04-28 12:15 PM
20
3
cve
cve

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path...

4.8CVSS

5.5AI Score

0.002EPSS

2021-04-13 07:15 AM
341
In Wild
26
cve
cve

CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can....

5.3CVSS

5.2AI Score

0.064EPSS

2021-04-01 03:15 PM
299
16
cve
cve

CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS...

7.5CVSS

7.3AI Score

0.802EPSS

2021-04-01 03:15 PM
409
17
cve
cve

CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...

2.7CVSS

5.1AI Score

0.001EPSS

2021-04-01 03:15 PM
228
In Wild
16
cve
cve

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then.....

5.9CVSS

6.5AI Score

0.005EPSS

2021-03-25 03:15 PM
626
82
cve
cve

CVE-2020-4725

IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID:...

3.5CVSS

4.4AI Score

0.001EPSS

2021-03-02 05:15 PM
18
4
cve
cve

CVE-2020-4719

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID:...

4.9CVSS

5AI Score

0.001EPSS

2021-03-02 05:15 PM
22
2
cve
cve

CVE-2020-4726

The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

3.3CVSS

3.9AI Score

0.0004EPSS

2021-03-02 05:15 PM
20
2
cve
cve

CVE-2021-22500

Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's...

6.5CVSS

6.4AI Score

0.001EPSS

2021-02-06 02:15 AM
68
2
cve
cve

CVE-2021-22499

Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS...

4.8CVSS

4.8AI Score

0.001EPSS

2021-02-06 01:15 AM
63
3
cve
cve

CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash...

7.8CVSS

8.3AI Score

0.97EPSS

2021-01-26 09:15 PM
3954
In Wild
826
cve
cve

CVE-2021-21470

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML...

4.4CVSS

4.6AI Score

0.0005EPSS

2021-01-12 03:15 PM
28
3
cve
cve

CVE-2020-11854

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The...

9.8CVSS

9.6AI Score

0.233EPSS

2020-10-27 05:15 PM
69
2
cve
cve

CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40.....

8.8CVSS

8.8AI Score

0.837EPSS

2020-10-22 09:15 PM
101
4
cve
cve

CVE-2020-14782

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.7CVSS

3.8AI Score

0.001EPSS

2020-10-21 03:15 PM
256
14
cve
cve

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related.....

5.3CVSS

5.1AI Score

0.001EPSS

2020-09-23 02:15 PM
25
cve
cve

CVE-2020-16244

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

7.2CVSS

6.8AI Score

0.001EPSS

2020-09-23 02:15 PM
22
cve
cve

CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk...

7.5CVSS

8.1AI Score

0.002EPSS

2020-06-05 03:15 PM
370
4
cve
cve

CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction...

8.6CVSS

8.8AI Score

0.003EPSS

2020-06-05 02:15 PM
307
5
cve
cve

CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer...

8.2CVSS

8.7AI Score

0.003EPSS

2020-06-05 02:15 PM
287
6
cve
cve

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery...

6.9CVSS

6.8AI Score

0.061EPSS

2020-04-29 10:15 PM
5379
In Wild
18
cve
cve

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and...

3.7CVSS

6AI Score

0.002EPSS

2020-04-27 04:15 PM
300
17
cve
cve

CVE-2020-1967

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature...

7.5CVSS

7.3AI Score

0.081EPSS

2020-04-21 02:15 PM
433
6
cve
cve

CVE-2020-2946

Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...

6CVSS

5.6AI Score

0.001EPSS

2020-04-15 02:15 PM
21
cve
cve

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-31 05:15 AM
140
4
cve
cve

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-31 05:15 AM
220
3
cve
cve

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-26 01:15 PM
165
3
cve
cve

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka...

8.8CVSS

8.3AI Score

0.008EPSS

2020-03-26 01:15 PM
165
3
cve
cve

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka...

8.8CVSS

8.3AI Score

0.011EPSS

2020-03-18 10:15 PM
177
3
cve
cve

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka...

8.8CVSS

8.3AI Score

0.011EPSS

2020-03-18 10:15 PM
223
3
cve
cve

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded...

9.8CVSS

9.2AI Score

0.007EPSS

2020-03-02 04:15 AM
266
2
cve
cve

CVE-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.7CVSS

4.3AI Score

0.001EPSS

2020-01-15 05:15 PM
266
2
cve
cve

CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE....

3.7CVSS

4.5AI Score

0.001EPSS

2020-01-15 05:15 PM
283
5
cve
cve

CVE-2020-2614

Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

6CVSS

5.7AI Score

0.001EPSS

2020-01-15 05:15 PM
31
cve
cve

CVE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access...

8.1CVSS

7.7AI Score

0.003EPSS

2020-01-15 05:15 PM
250
4
cve
cve

CVE-2020-2601

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

6.8CVSS

6.7AI Score

0.001EPSS

2020-01-15 05:15 PM
237
cve
cve

CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access...

3.7CVSS

4.3AI Score

0.003EPSS

2020-01-15 05:15 PM
220
2
cve
cve

CVE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.7CVSS

4.4AI Score

0.001EPSS

2020-01-15 05:15 PM
267
2
Total number of security vulnerabilities129