Lucene search
K

165 matches found

BDU FSTEC
BDU FSTEC
added 2024/08/27 12:0 a.m.5 views

The vulnerability of fwupd, a daemon used for managing firmware updates in Linux-based systems, allows an attacker to access confidential information.

The vulnerability of fwupd for managing firmware updates in Linux-based systems is related to the storage of automatically generated passwords in /etc/fwupd/redfish.conf without proper restrictions. Exploiting this vulnerability allows a remote attacker to access confidential information...

6.8CVSS6.3AI score0.00619EPSS
Exploits0References3Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 5:37 p.m.19 views

Security Bulletin: This Power System update is being released to address CVE-2024-31916

Summary This affects the BMC's HTTPS-based Redfish interface. Note the BMC's web-based ASMI interface uses the Redfish interface. Vulnerability Details CVEID:CVE-2024-31916 DESCRIPTION: IBM OpenBMC's BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that...

7.5CVSS7.4AI score0.0055EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/03/19 5:41 p.m.10 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

6.5CVSS5.8AI score0.00619EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/03/05 4:30 p.m.4 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

6.5CVSS5.8AI score0.00619EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/05 12:0 a.m.28 views

RHEL 8 : fwupd (RHSA-2024:1106)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1106 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...

6.5CVSS6.2AI score0.00619EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/01/17 12:0 a.m.8 views

The vulnerability of the Redfish server of the MaxView Storage Manager allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Redfish server of the MaxView Storage Manager relates to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the device...

9.4CVSS7.7AI score0.00528EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/17 12:0 a.m.22 views

Dell iDRAC7 Incorrect Authorization (CVE-2018-15774)

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in th...

8.8CVSS6.6AI score0.00941EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/01/10 12:0 a.m.9 views

The vulnerability of the Redfish server of the storage manager MaxView on industrial computers SIMATIC IPC647E, SIMATIC IPC847E, and SIMATIC IPC1047E allows a perpetrator to gain unauthorized full access to the device.

The vulnerability of the Redfish server of the storage manager MaxView for industrial computers SIMATIC IPC647E, SIMATIC IPC847E, and SIMATIC IPC1047E is related to errors in processing input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized full...

10CVSS7.7AI score0.00646EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/01/09 10:15 a.m.31 views

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...

10CVSS9.4AI score0.00646EPSS
Exploits0References1
OSV
OSV
added 2024/01/09 10:15 a.m.7 views

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...

9.8CVSS5.7AI score0.00646EPSS
Exploits0References1
Prion
Prion
added 2024/01/09 10:15 a.m.16 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...

7.5CVSS7.1AI score0.00646EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/09 10:0 a.m.5 views

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...

10CVSS9.4AI score0.00646EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/09 10:0 a.m.37 views

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...

10CVSS9.4AI score0.00646EPSS
Exploits0References1
CVE
CVE
added 2024/01/09 10:0 a.m.59 views

CVE-2023-51438

CVE-2023-51438 affects Siemens SIMATIC IPC1047E, IPC647E, and IPC847E with maxView Storage Manager on Windows prior to 4.14.00.26068. The vulnerability arises from improper input validation in the Redfish remote-management context, enabling unauthorized access (impact: high confidentiality, integ...

10CVSS9.2AI score0.00646EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/08 7:15 a.m.7 views

CVE-2024-22216

In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...

10CVSS5.8AI score0.00528EPSS
Exploits0References1
NVD
NVD
added 2024/01/08 7:15 a.m.18 views

CVE-2024-22216

In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...

10CVSS9.2AI score0.00528EPSS
Exploits0References1
Prion
Prion
added 2024/01/08 7:15 a.m.19 views

Information disclosure

In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...

7.5CVSS6.9AI score0.00528EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/01/08 12:0 a.m.53 views

CVE-2024-22216

CVE-2024-22216 affects Microchip maxView Storage Manager (Adaptec Smart Storage Controllers). The vulnerability resides in the Redfish server handling in versions 3.00.23484 through 4.14.00.26064, with older builds prior to 3.07.23980 and 4.07.00.25339 also affected. The issue allows unauthorized...

10CVSS9AI score0.00528EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/08 12:0 a.m.4 views

CVE-2024-22216

In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...

9.3AI score0.00528EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/08 12:0 a.m.20 views

CVE-2024-22216

In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...

9.3AI score0.00528EPSS
Exploits0References1
Rows per page
Query Builder