Administrator Security Vulnerabilities


CVE-2018-9065

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and...

7.5CVSS

7.6AI Score

0.001EPSS

2018-07-30 04:29 PM
21

CVE-2018-9066

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating...

8.8CVSS

8.6AI Score

0.001EPSS

2018-07-30 04:29 PM
18

CVE-2018-9064

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager...

8.8CVSS

8.5AI Score

0.001EPSS

2018-07-30 04:29 PM
19

CVE-2018-5433

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine.....

6.5CVSS

6.5AI Score

0.001EPSS

2018-06-13 01:29 PM
21

CVE-2018-5432

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way...

8CVSS

5.5AI Score

0.001EPSS

2018-06-13 01:29 PM
34

CVE-2017-17833

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution...

9.8CVSS

9.5AI Score

0.008EPSS

2018-04-23 06:29 PM
91

CVE-2018-0023

JSNAPy is an open source Python version of Junos Snapshot Administrator developed by Juniper available through GitHub. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...

5.5CVSS

5.6AI Score

0.0004EPSS

2018-04-11 07:29 PM
56

CVE-2017-12410

It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of...

7.4CVSS

7.5AI Score

0.001EPSS

2018-03-26 09:29 PM
68

CVE-2017-12543

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was...

6.5CVSS

6.3AI Score

0.001EPSS

2018-02-15 10:29 PM
29

CVE-2016-8523

A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was...

8.8CVSS

8.7AI Score

0.158EPSS

2018-02-15 10:29 PM
56

CVE-2017-3764

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is...

5.3CVSS

5.2AI Score

0.001EPSS

2017-11-30 07:29 PM
19

CVE-2017-14527

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD,...

8.8CVSS

8.3AI Score

0.003EPSS

2017-09-28 01:29 AM
33

CVE-2017-14526

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted....

8.8CVSS

8.3AI Score

0.002EPSS

2017-09-28 01:29 AM
37

CVE-2017-14524

Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash)....

6.1CVSS

6.3AI Score

0.003EPSS

2017-09-28 01:29 AM
31

CVE-2017-14525

Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash)...

6.1CVSS

6.3AI Score

0.001EPSS

2017-09-28 01:29 AM
32

CVE-2017-3770

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating...

8.8CVSS

8.8AI Score

0.001EPSS

2017-09-22 02:29 PM
24

CVE-2017-3763

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than...

6.7CVSS

6.8AI Score

0.0004EPSS

2017-09-22 02:29 PM
23

CVE-2017-3745

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts...

7.8CVSS

7.7AI Score

0.002EPSS

2017-06-20 12:29 AM
22

CVE-2016-8233

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged...

9.8CVSS

9.3AI Score

0.002EPSS

2017-03-01 10:59 PM
17

CVE-2016-8213

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and...

6.1CVSS

5.8AI Score

0.001EPSS

2017-01-23 07:59 AM
27
4

CVE-2016-8221

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary...

7CVSS

6.8AI Score

0.0004EPSS

2017-01-12 10:59 PM
22

CVE-2016-0914

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions.....

6.3CVSS

6.5AI Score

0.001EPSS

2016-06-23 12:59 AM
20

CVE-2016-4004

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to...

4.9CVSS

4.8AI Score

0.014EPSS

2016-04-12 05:59 PM
18

CVE-2015-4530

Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the...

7.3AI Score

0.002EPSS

2015-08-20 10:59 AM
23

CVE-2015-2863

Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

6.7AI Score

0.006EPSS

2015-07-20 11:59 PM
36

CVE-2015-2862

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP...

8.6AI Score

0.002EPSS

2015-07-20 11:59 PM
39
4

CVE-2015-4529

Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary...

6.8AI Score

0.002EPSS

2015-07-16 09:59 PM
30

CVE-2015-4524

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25;...

7.6AI Score

0.002EPSS

2015-07-04 02:59 PM
23

CVE-2015-0551

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before.....

5.5AI Score

0.001EPSS

2015-07-04 02:59 PM
23

CVE-2015-5064

Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to...

5.9AI Score

0.002EPSS

2015-06-24 02:59 PM
24

CVE-2014-3089

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading....

5.6AI Score

0.0004EPSS

2014-08-22 01:55 AM
18

CVE-2014-2511

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId...

5.9AI Score

0.003EPSS

2014-08-20 11:17 AM
22

CVE-2014-2518

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary...

7.2AI Score

0.002EPSS

2014-08-20 11:17 AM
26

CVE-2014-2926

kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified...

6.4AI Score

0.0004EPSS

2014-07-14 09:55 PM
23

CVE-2013-6766

OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to...

7.4AI Score

0.007EPSS

2014-05-19 02:55 PM
21

CVE-2013-0740

Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to...

6.9AI Score

0.002EPSS

2014-04-10 08:29 PM
26

CVE-2014-1644

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user...

6.7AI Score

0.861EPSS

2014-03-29 01:55 AM
32

CVE-2014-1645

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified...

8.4AI Score

0.472EPSS

2014-03-29 01:55 AM
22

CVE-2014-2075

TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified...

8.1AI Score

0.006EPSS

2014-02-27 11:55 AM
18

CVE-2013-3281

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6,....

5.8AI Score

0.002EPSS

2013-11-06 03:55 PM
20

CVE-2012-4955

Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8AI Score

0.004EPSS

2012-11-15 11:58 AM
28

CVE-2012-0304

Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse...

6.6AI Score

0.0004EPSS

2012-06-22 10:24 AM
25

CVE-2012-0129

HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified...

7.8AI Score

0.151EPSS

2012-04-05 01:25 PM
27

CVE-2012-0128

HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

6.8AI Score

0.007EPSS

2012-04-05 01:25 PM
28

CVE-2012-0130

HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified...

6.2AI Score

0.003EPSS

2012-04-05 01:25 PM
25

CVE-2011-3155

Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown...

6.8AI Score

0.003EPSS

2011-10-12 02:52 AM
26

CVE-2011-1524

Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different...

5.6AI Score

0.01EPSS

2011-03-28 06:55 PM
23

CVE-2011-0545

Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the...

7.6AI Score

0.01EPSS

2011-03-28 04:55 PM
19

CVE-2009-1426

Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, and G6 servers with ProLiant Onboard Administrator Powered by LO100i (formerly Lights Out 100) 3.07 and earlier allows remote attackers to cause a denial of service via unknown...

6.8AI Score

0.01EPSS

2009-07-29 05:30 PM
30

CVE-2009-1357

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE...

6.9AI Score

0.052EPSS

2009-04-23 05:30 PM
27
Total number of security vulnerabilities: 109