Lucene search

4665 matches found

CNVD
added 2019/09/29 12:0 a.m., 2 views

Unspecified Vulnerability in Dell EMC Integrated Data Protection Appliance

Dell EMC Integrated Data Protection Appliance is a disk-based backup and recovery solution from Dell USA. An unspecified vulnerability exists in the Dell EMC Integrated Data Protection Appliance. An attacker could use this vulnerability to brute force authentication and gain system privileges...

9.8 CVSS, 7.1 AI score, 0.02121 EPSS
Exploits: 0, References: 1

CNVD
added 2019/09/29 12:0 a.m., 2 views

Dell EMC Integrated Data Protection Appliance ACM Password Storage Vulnerability

Dell EMC Integrated Data Protection Appliance is a disk-based backup and recovery solution from Dell, Inc. ACM is one of the application configuration management components. A password storage vulnerability exists in the Dell EMC Integrated Data Protection Appliance ACM. An attacker could exploit...

8.2 CVSS, 6.8 AI score, 0.007 EPSS
Exploits: 0, References: 1

NVD
added 2019/09/27 9:15 p.m., 18 views

CVE-2019-3736

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to...

8.2 CVSS, 7.1 AI score, 0.007 EPSS
Exploits: 0, References: 1

NVD
added 2019/09/27 9:15 p.m., 11 views

CVE-2019-3747

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users...

8.4 CVSS, 5.6 AI score, 0.00778 EPSS
Exploits: 0, References: 1

NVD
added 2019/09/27 9:15 p.m., 13 views

CVE-2019-3746

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system...

9.8 CVSS, 9.1 AI score, 0.02121 EPSS
Exploits: 0, References: 1

OSV
added 2019/09/27 9:15 p.m., 2 views

CVE-2019-3746

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system...

8.8 CVSS, 7.3 AI score, 0.02121 EPSS
Exploits: 0, References: 1

Prion
added 2019/09/27 9:15 p.m., 15 views

Design/Logic Flaw

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to...

4 CVSS, 6.7 AI score, 0.007 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2019/09/27 9:15 p.m., 10 views

Cross site scripting

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users...

3.5 CVSS, 4.8 AI score, 0.00778 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2019/09/27 9:15 p.m., 16 views

Authentication flaw

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system...

6.5 CVSS, 8.7 AI score, 0.02121 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2019/09/27 8:21 p.m., 211 views

CVE-2019-3747

Dell EMC Integrated Data Protection Appliance (IDPA) versions prior to 2.3 are affected by a stored cross-site scripting vulnerability in the Cloud DR add-on field. A remote attacker with ACM admin privileges can store malicious HTML/JavaScript, which is then executed by victim users’ browsers in...

8.4 CVSS, 4.7 AI score, 0.00778 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/09/27 8:21 p.m., 16 views

CVE-2019-3747

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users...

8.4 CVSS, 4.8 AI score, 0.00778 EPSS
Exploits: 0, References: 1

CVE
added 2019/09/27 8:20 p.m., 202 views

CVE-2019-3746

CVE-2019-3746 affects Dell EMC Integrated Data Protection Appliance prior to version 2.3. The vulnerability arises because authentication attempts to the ACM API are not rate-limited, enabling an authenticated remote attacker to perform brute-force authentication and potentially gain system acces...

9.8 CVSS, 8.6 AI score, 0.02121 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2019/09/27 8:19 p.m., 203 views

CVE-2019-3736

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 are affected by a password storage vulnerability in the ACM component. A remote authenticated user with root privileges may exploit a tool to decrypt locally stored encrypted passwords and use them to access other components with...

8.2 CVSS, 6.6 AI score, 0.007 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/09/27 8:19 p.m., 17 views

CVE-2019-3736

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to...

8.2 CVSS, 6.7 AI score, 0.007 EPSS
Exploits: 0, References: 1

Microsoft KB
added 2019/09/24 12:0 a.m., 9 views

Update Rollup 8 for System Center 2016 Data Protection Manager

Update Rollup 8 for System Center 2016 Data Protection Manager. Introduction: This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2016 Data Protection Manager. This article also contains the installation instructions for this update. Note: Existing Data...

5.8 AI score
Exploits: 0

BDU FSTEC
added 2019/09/17 12:0 a.m., 2 views

The vulnerability of Microsoft Lync Server’s messaging server, related to the lack of protection for service data, allows attackers to disclose protected information.

The vulnerability of Microsoft Lync Server’s messaging server is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

7.8 CVSS, 5.4 AI score, 0.05793 EPSS
Exploits: 0, References: 2, Affected Software: 1

The Hacker News
added 2019/09/16 11:0 a.m., 1 views

How Cloud-Based Automation Can Keep Business Operations Secure

The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts, has only reinforced the belief...

6.6 AI score
Exploits: 0

BDU FSTEC
added 2019/09/13 12:0 a.m., 13 views

The vulnerability of the FortiOS operating system, related to the lack of protection for service data, allows attackers to disclose the protected information.

The vulnerability of the FortiOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

3.7 CVSS, 5.5 AI score
Exploits: 0, References: 1

Carbon Black Blog
added 2019/09/12 12:1 p.m., 45 views

The Role of Human Error in Cyberattacks

One surefire way to guarantee cybersecurity is to restrict access to or stay off the internet. Unfortunately, this isn’t a feasible option, since the internet is such a crucial part of day-to-day life. As such, companies work to protect their data with endpoint security, selecting reputable web...

1.1 AI score
Exploits: 0

The Hacker News
added 2019/09/11 7:41 a.m., 83 views

Mozilla Launches 'Firefox Private Network' VPN Service as a Browser Extension

Mozilla has officially launched a new privacy-focused VPN service, called Firefox Private Network, as a browser extension that aims to encrypt your online activity and limit what websites and advertisers know about you. Firefox Private Network service is currently in beta and available only to...

1.2 AI score
Exploits: 0