96 matches found
CVE-2026-31985
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...
CVE-2026-31985 Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...
CVE-2026-31985
CVE-2026-31985 affects the Remote Collector when configuring a Guardian or CMC via n2os-tui. The generated configuration disables TLS certificate verification, with no option to re-enable it, enabling MITM and potentially theft of the sync token, impersonation of the server, injection of spoofed ...
CVE-2025-40896
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
CVE-2025-40896
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
CVE-2025-40895
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML...
CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
CVE-2026-24325 Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...
CVE-2026-24325 Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...
EUVD-2020-27392
Malware in sbrugna...
EUVD-2018-14252
Malware in sbrugna...
EUVD-2019-1108
Malware in sbrugna...
EUVD-2018-14338
Malware in sbrugna...
EUVD-2018-14225
Malware in sbrugna...
EUVD-2022-41560
Malicious code in bioql PyPI...
EUVD-2025-1493
Malicious code in bioql PyPI...
Incorrect authorization for traces request/download in CMC before 25.1.0
Summary An access control vulnerability was discovered in the Request Trace and Download Trace functionalities due to a specific access restriction not being properly enforced for users with limited privileges. Impact An authenticated user with limited privileges can request and download trace...
CVE-2025-42965 Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application
SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitati...
Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
Summary An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Impact Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC...
CVE-2022-41206
SAP BusinessObjects Business Intelligence platform Analysis for OLAP - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on...