Lucene search
+L

55 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2024/05/09 11:30 p.m.4 views

Malicious code in @content-platform/shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8483b2f250f1824837729cc5bf8f6fa9fe76e44cc5c0e9352b1112c8c83cd0db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
CNNVD
CNNVD
added 2023/12/31 12:0 a.m.6 views

7-card Fakabao SQL Injection Vulnerability

7-card Fakabao is a content publishing platform. A SQL injection vulnerability exists in 7-card Fakabao 1.0build20230805 and classified as critical version and prior versions, which stems from an issue with an unknown function in shop/alipaynotify.php...

8.8CVSS8.1AI score0.00479EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/23 6:56 p.m.41 views

Security Bulletin: FileNet Content Manager (FNCM) has multiple IBM Java security vulnerabilities

Summary FileNet Content Manager FNCM has multiple IBM Java security vulnerabilities in Content Platform Engine CPE. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no...

5.3CVSS6.6AI score0.02805EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/09/26 4:15 p.m.4 views

CVE-2021-28052

A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...

4.9CVSS5.8AI score0.00681EPSS
Exploits0References2
NVD
NVD
added 2022/09/26 4:15 p.m.18 views

CVE-2021-28052

A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...

7.5CVSS0.00681EPSS
Exploits0References2
Prion
Prion
added 2022/09/26 4:15 p.m.20 views

Authorization

A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...

3.3CVSS4.9AI score0.00681EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/26 3:10 p.m.27 views

CVE-2021-28052 Hitachi Content Platform Information Disclosure Vulnerability

A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...

7.5CVSS7.5AI score0.00681EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/26 3:10 p.m.10 views

CVE-2021-28052 Hitachi Content Platform Information Disclosure Vulnerability

A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...

7.5CVSS6.6AI score0.00681EPSS
Exploits0References2
CVE
CVE
added 2022/09/26 3:10 p.m.51 views

CVE-2021-28052

CVE-2021-28052 – Hitachi Content Platform (HCP) multi-tenant access control flaw. A tenant administrator can modify configurations in another tenant, potentially exposing data; a non‑admin tenant user may view configurations in another tenant. Affected products/versions: Hitachi Vantara HCP prior...

7.5CVSS5.3AI score0.00681EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/26 12:0 a.m.4 views

PT-2022-9881 · Hitachi · Hitachi Content Platform

Name of the Vulnerable Software and Affected Versions: Hitachi Content Platform versions prior to 8.3.7 Hitachi Content Platform 9.0.0 versions prior to 9.2.3 Description: A tenant administrator of Hitachi Content Platform HCP may modify the configuration in another tenant without authorization,...

7.5CVSS5.7AI score0.00681EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/26 12:0 a.m.4 views

Hitachi Vantara Hitachi Content Platform 安全漏洞

Hitachi Vantara Hitachi Content Platform is an object storage system from Hitachi Vantara, Inc. that provides massively scalable, reliable, efficient and easy-to-use storage for automated management and preservation of content. An access control error vulnerability exists in Hitachi Vantara Hitac...

7.5CVSS5.1AI score0.00681EPSS
Exploits0References3
OSV
OSV
added 2022/08/16 12:0 a.m.29 views

GHSA-8WJ3-CPMR-8WHP Cockpit Content Platform vulnerable to 2FA bypass

Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...

8.8CVSS9.3AI score0.01278EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/08/16 12:0 a.m.42 views

Cockpit Content Platform vulnerable to 2FA bypass

Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...

9.8CVSS8.5AI score0.01278EPSS
Exploits1References4Affected Software1
Huntr
Huntr
added 2022/08/11 12:2 p.m.36 views

2FA Bypass in Cockpit Content Platform ≤ v2.2.1

Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ≤ v2.2.1 allowing attacker to bypass the 2FA code. Proof of Concept 1.Login with your admin account and enable 2FA in your account and logout. 2.Go to...

6.5CVSS9.3AI score0.01278EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2022/04/28 12:0 a.m.6 views

The vulnerability of the software for synchronizing and sharing files of Hitachi Content Platform Anywhere lies in the insufficient protection of registration data, allowing unauthorized access to protected information.

The vulnerability of the Hitachi Content Platform Anywhere synchronization and sharing software is related to insufficient protection for registration data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...

7.8CVSS6.6AI score0.00792EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/26 9:23 p.m.25 views

Security Bulletin: IBM FileNet Content Manager security vulnerability in Administration Console for Content Platform Engine (ACCE) in Apache Commons Compress

Summary IBM FileNet Content Manager security vulnerability in Administration Console for Content Platform Engine ACCE in Apache Commons Compress v1.18 Vulnerability Details CVE-ID: CVE-2019-12402 Description: Apache Commons Compress is vulnerable to a denial of service, caused by an error in the...

7.5CVSS0.6AI score0.16157EPSS
Exploits0Affected Software1
NVD
NVD
added 2021/09/29 6:15 p.m.13 views

CVE-2021-41573

Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...

7.5CVSS0.00792EPSS
Exploits0References2
OSV
OSV
added 2021/09/29 6:15 p.m.3 views

CVE-2021-41573

Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...

6.5CVSS6.5AI score0.00792EPSS
Exploits0References2
Prion
Prion
added 2021/09/29 6:15 p.m.20 views

Information disclosure

Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...

4CVSS6.2AI score0.00792EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/09/29 5:50 p.m.48 views

CVE-2021-41573

Hitachi Content Platform Anywhere (HCP‑AW) versions 4.4.5 and later are affected by an information‑disclosure vulnerability. If an authenticated user creates a link to a file/folder while the system runs 4.3.x or earlier, shares the link, and later deletes the original item without deleting the l...

7.5CVSS6.2AI score0.00792EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder