Dashboard Server Security Vulnerabilities


CVE-2024-35162

Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the...

6.6 AI Score

0.0004 EPSS

2024-05-22 06:15 AM

CVE-2023-3361

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes...

7.7 CVSS

7.5 AI Score

0.001 EPSS

2023-10-04 12:15 PM

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

6.5 CVSS

5.2 AI Score

0.001 EPSS

2023-03-21 02:15 PM

CVE-2023-27979

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected....

6.5 CVSS

6.4 AI Score

0.002 EPSS

2023-03-21 01:15 PM

CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...

6.5 CVSS

5.5 AI Score

0.001 EPSS

2023-03-21 12:15 PM

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040...

8.8 CVSS

8.9 AI Score

0.004 EPSS

2023-03-21 11:15 AM

CVE-2023-27981

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS...

8.8 CVSS

8.9 AI Score

0.005 EPSS

2023-03-21 10:15 AM

CVE-2023-27978

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-21 09:15 AM

CVE-2023-27982

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...

8.8 CVSS

8.8 AI Score

0.005 EPSS

2023-03-21 07:15 AM

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected.....

8.8 CVSS

8.9 AI Score

0.004 EPSS

2023-03-21 06:15 AM

CVE-2022-46785

SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-02-23 10:15 PM

CVE-2022-46784

SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2023-02-23 10:15 PM

CVE-2022-46786

SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2023-02-23 08:15 PM

CVE-2009-3098

Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no.....

6.8 AI Score

0.005 EPSS

2022-10-03 04:23 PM

CVE-2022-20860

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus...

7.4 CVSS

6.7 AI Score

0.001 EPSS

2022-07-21 04:15 AM

CVE-2021-43355

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally...

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-01-21 07:15 PM

CVE-2021-23195

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all....

5.3 CVSS

5.2 AI Score

0.001 EPSS

2022-01-21 07:15 PM

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message....

10 CVSS

9.8 AI Score

0.976 EPSS

2021-12-10 10:15 AM
In Wild

CVE-2020-26249

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver....

8.7 CVSS

8.4 AI Score

0.001 EPSS

2020-12-09 12:15 AM

CVE-2019-6514

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka...

4.8 CVSS

5 AI Score

0.001 EPSS

2019-05-14 03:29 PM

CVE-2019-6516

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka...

5.8 CVSS

5.6 AI Score

0.001 EPSS

2019-05-14 03:29 PM

CVE-2017-14995

The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is...

6.1 CVSS

5.2 AI Score

0.001 EPSS

2017-10-04 01:29 AM

CVE-2017-14651

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath...

4.8 CVSS

4.7 AI Score

0.001 EPSS

2017-09-21 06:29 PM