The Network Configuration Manager (NCM) software, which is related to the failure to protect the structure of web pages, allows attackers to carry out XSS attacks.

The Network Configuration Manager NCM software is associated with the failure to take measures to protect the structure of web pages. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks remotely...

VulnCheck KEV: CVE-2018-12998

A reflected Cross-site scripting XSS vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to...

ZOHO多款产品 安全漏洞

ZOHO ManageEngine Netflow Analyzer and so on are products of ZOHO USA.ZOHO ManageEngine Netflow Analyzer is a set of Web-based bandwidth monitoring tools.ZOHO ManageEngine Firewall Analyzer is a ZOHO ManageEngine Firewall Analyzer is a set of Web-based firewall log analysis tools, ZOHO ManageEngi...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager CVE-2025-27907)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

CVE-2023-22440

Incorrect default permissions in the IntelR SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-33226

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges...

CVE-2023-33227

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges...

CVE-2022-35415

An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service SWIS. Exposed credentials are encrypted and require authenticated access with an NCM role...

CVE-2020-11533

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information keying material...

CVE-2020-8951

Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager Configuration Parameter Translation page...

CVE-2013-2717

Multiple unspecified vulnerabilities in the System Management aka SysAdmin Console in EMC Smarts Network Configuration Manager NCM through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other...

Security Bulletin: IBM SDK Java Technology Edition is vulnerable to CVE-2024-27267, affecting WebSphere Service Registry and Repository due to July 2024 CPU

Summary IBM SDK Java Technology Edition is vulnerable to CVE-2024-27267, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in January 2024. These issues are also addressed by WebSphere Application Server shipped with WebSphere Servi...

SMB to HTTP relay version of Get NAA Creds

This module creates an SMB server and then relays the credentials passed to it to SCCM's HTTP server aka Management Point to gain an authenticated connection. Once authenticated it then attempts to retrieve the Network Access Accounts, if configured, from the SCCM server. This requires a computer...

Security Bulletin: Multiple vulnerabilities exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Multiple vulnerabilitis exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager ITNCM IP Edition v6.4.2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Metasploit Wrap-Up 03/06/2025

New module content 3 Get NAA Credentials Authors: skelsec, smashery, and xpn Type: Auxiliary Pull request: 19712 contributed by smashery Path: admin/sccm/getnaacredentials Description: Adds an auxiliary module which performs the retrieval of Network Access Account NAA credentials from an System...

CVE-2020-2984

Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager component: Discovery and collection script. The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...

About Remote Code Execution – Microsoft Configuration Manager (CVE-2024-43468) vulnerability

About Remote Code Execution - Microsoft Configuration Manager CVE-2024-43468 vulnerability. This vulnerability is from the October 2024 MSPT. Microsoft Configuration Manager ConfigMgr is used to manage large groups of computers, providing remote control, patch management, software distribution,...

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager ITNCM IP Edition v6.4.2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...