55 matches found
Malicious code in @content-platform/shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8483b2f250f1824837729cc5bf8f6fa9fe76e44cc5c0e9352b1112c8c83cd0db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7-card Fakabao SQL Injection Vulnerability
7-card Fakabao is a content publishing platform. A SQL injection vulnerability exists in 7-card Fakabao 1.0build20230805 and classified as critical version and prior versions, which stems from an issue with an unknown function in shop/alipaynotify.php...
Security Bulletin: FileNet Content Manager (FNCM) has multiple IBM Java security vulnerabilities
Summary FileNet Content Manager FNCM has multiple IBM Java security vulnerabilities in Content Platform Engine CPE. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no...
CVE-2021-28052
A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...
CVE-2021-28052
A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...
Authorization
A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...
CVE-2021-28052 Hitachi Content Platform Information Disclosure Vulnerability
A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...
CVE-2021-28052 Hitachi Content Platform Information Disclosure Vulnerability
A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...
CVE-2021-28052
CVE-2021-28052 – Hitachi Content Platform (HCP) multi-tenant access control flaw. A tenant administrator can modify configurations in another tenant, potentially exposing data; a non‑admin tenant user may view configurations in another tenant. Affected products/versions: Hitachi Vantara HCP prior...
PT-2022-9881 · Hitachi · Hitachi Content Platform
Name of the Vulnerable Software and Affected Versions: Hitachi Content Platform versions prior to 8.3.7 Hitachi Content Platform 9.0.0 versions prior to 9.2.3 Description: A tenant administrator of Hitachi Content Platform HCP may modify the configuration in another tenant without authorization,...
Hitachi Vantara Hitachi Content Platform 安全漏洞
Hitachi Vantara Hitachi Content Platform is an object storage system from Hitachi Vantara, Inc. that provides massively scalable, reliable, efficient and easy-to-use storage for automated management and preservation of content. An access control error vulnerability exists in Hitachi Vantara Hitac...
GHSA-8WJ3-CPMR-8WHP Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...
Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...
2FA Bypass in Cockpit Content Platform ≤ v2.2.1
Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ≤ v2.2.1 allowing attacker to bypass the 2FA code. Proof of Concept 1.Login with your admin account and enable 2FA in your account and logout. 2.Go to...
The vulnerability of the software for synchronizing and sharing files of Hitachi Content Platform Anywhere lies in the insufficient protection of registration data, allowing unauthorized access to protected information.
The vulnerability of the Hitachi Content Platform Anywhere synchronization and sharing software is related to insufficient protection for registration data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...
Security Bulletin: IBM FileNet Content Manager security vulnerability in Administration Console for Content Platform Engine (ACCE) in Apache Commons Compress
Summary IBM FileNet Content Manager security vulnerability in Administration Console for Content Platform Engine ACCE in Apache Commons Compress v1.18 Vulnerability Details CVE-ID: CVE-2019-12402 Description: Apache Commons Compress is vulnerable to a denial of service, caused by an error in the...
CVE-2021-41573
Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...
CVE-2021-41573
Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...
Information disclosure
Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...
CVE-2021-41573
Hitachi Content Platform Anywhere (HCP‑AW) versions 4.4.5 and later are affected by an information‑disclosure vulnerability. If an authenticated user creates a link to a file/folder while the system runs 4.3.x or earlier, shares the link, and later deletes the original item without deleting the l...