SMT Security Vulnerabilities


CVE-2022-22805

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series....

9.8 CVSS

9.7 AI Score

0.006 EPSS

2022-03-09 08:15 PM
89

CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-03-09 08:15 PM
92

CVE-2022-0715

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series...

9.1 CVSS

9.2 AI Score

0.001 EPSS

2022-03-09 08:15 PM
52

CVE-2013-3620

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8...

7.5 CVSS

7.6 AI Score

0.003 EPSS

2020-01-02 06:15 PM
134

CVE-2013-3619

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contains hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2)...

8.1 CVSS

8 AI Score

0.012 EPSS

2020-01-02 06:15 PM
184

CVE-2018-12470

A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2018-10-04 02:29 PM
25

CVE-2018-12471

An External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to...

8.1 CVSS

8.6 AI Score

0.003 EPSS

2018-10-04 02:29 PM
22

CVE-2018-12472

An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to...

9.1 CVSS

9.2 AI Score

0.002 EPSS

2018-10-04 02:29 PM
20