CyberArk Credential Provider Local Cache Can Be Decrypted
Vulnerability Details. Affected Vendor: CyberArk; Affected Product: Application Access Manager/Credential Provider; Affected Version: Prior to 12.1; Platform: Linux/Windows/zOS; CWE Classification: CWE-326: Inadequate Encryption Strength; CVE ID: CVE-2021-31798. 2. Vulnerability Description. CyberArk...
IBM Security SOAR has an unspecified vulnerability
IBM Security SOAR, formerly Resilient, is an IBM product designed to help your security team confidently address cyber threats, automate through intelligence, and collaborate through consistency. minimum privilege level to perform operations, which can create new vulnerabilities or amplify the...
CVE-2021-29802
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses...
Code injection
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses...
CVE-2021-29802
IBM Security SOAR (Resilient App Host) is affected by CVE-2021-29802. The vulnerability arises from performing an operation at a privilege level higher than the minimum required, potentially creating or amplifying weaknesses. Affected product: Resilient OnPrem (IBM Security SOAR). Remediation: up...
CVE-2021-29802
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses...
HashiCorp Nomad Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HashiCorp Nomad Remote Command Execution', 'Description' = %q Create a batch job on HashiCorp's Nomad service to spawn a shell. The default optio...
CVE-2021-2247
Vulnerability in the Oracle Advanced Collections product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanc...
Huawei Data Communication: Configuring Secure User Authentication Modes and Permission Levels
Configure user rights in the user-interface VTY view. In password authentication mode, this permission is the actual login permission. In AAA authentication mode, this parameter takes effect if no user rights are configured on the AAA server. Configuring password authentication on the VTY is...
Code injection
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 all firmware versions prior to 02A04.1...
CVE-2021-27454
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 all firmware versions prior to 02A04.1...
CVE-2021-27454
CVE-2021-27454 affects GE Reason DR60 firmware prior to 02A04.1, where the software performs an operation at a privilege level higher than required, enabling execution with unnecessary privileges. This is documented across multiple sources (NVD, Red Hat, CNVD, CVE listings, and CISA ICS advisory)...
TIBCO Security Advisory: March 23, 2021 - TIBCO Rendezvous -2021-28817
TIBCO Rendezvous Windows Platform Installation vulnerability Original release date: March 23, 2021 Last revised: CVE-2021-28817 Source: TIBCO Software Inc. Products Affected TIBCO Rendezvous versions 8.5.1 and below TIBCO Rendezvous Developer Edition versions 8.5.1 and below The following componen...
CVE-2020-4184
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802...
Cisco SD-WAN Solution vManage Cross-Site Request Forgery (cisco-sa-20191120-vman-csrf)
The version of Cisco SD-WAN Solution vManage installed on the remote host is affected by a vulnerability as referenced in the cisco-sa-20191120-vman-csrf advisory, as follows: - A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote...
Cross-site request forgery (CSRF)
A remote unauthenticated cross-site request forgery (CSRF) vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a...
Race condition
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute...
CVE-2021-22974
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute...
F5 Networks BIG-IP : iControl REST vulnerability (K68652018)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K68652018 advisory. An authenticated attacker with access to iControl REST over the control plane may be...
CVE-2020-13510
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...