27 matches found

Vulnrichment
added 2022/11/07 12:0 a.m. | 5 views

CVE-2022-44796

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...

AI score: 6.7 | EPSS: 0.00504
Exploits: 0 | References: 1
CVE
added 2022/11/07 12:0 a.m. | 47 views

CVE-2022-44795

CVE-2022-44795 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610 (fixed in 1.0.13.1611). The root cause is an insecure RNG used to create the URL for the support bundle, which could allow an attacker with credentials to predict the URL and access system logs, resulting in lo...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.0029
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/11/07 12:0 a.m. | 9 views

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

AI score: 6.5 | EPSS: 0.0029
Exploits: 0 | References: 1
Vulnrichment
added 2022/11/07 12:0 a.m. | 5 views

CVE-2022-44794

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...

AI score: 7.8 | EPSS: 0.00729
Exploits: 0 | References: 1
Cvelist
added 2022/11/07 12:0 a.m. | 14 views

CVE-2022-44794

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...

AI score: 9.1 | EPSS: 0.00729
Exploits: 0 | References: 1
CNNVD
added 2022/11/07 12:0 a.m. | 2 views

Object First Security Feature Issue Vulnerability

Object First is a Veeam best-of-breed storage solution from Object First. A security signature issue vulnerability exists in Object First version 1.0.7.712, which stems from the use of an insecure RNG in the command that creates URLs for support packages, which could allow an attacker to access...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0029
Exploits: 0 | References: 2
CNNVD
added 2022/11/07 12:0 a.m. | 3 views

Object First Security Vulnerability

Object First is a Veeam best-of-breed storage solution from Object First. A security vulnerability exists in Object First version 1.0.7.712, which stems from the command to set the hostname not validating the input parameters, resulting in arbitrary data that can be directed to the Bash...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00729
Exploits: 0 | References: 2