20 matches found
EUVD-2022-30287
Malicious code in bioql PyPI...
EUVD-2022-30288
Malicious code in bioql PyPI...
CVE-2022-25628
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4...
CVE-2022-25627
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
Symantec Identity Manager 跨站脚本漏洞
Symantec Identity Manager is an identity management system from Symantec Corporation USA. A security vulnerability exists in Symantec Identity Manager versions 14.3 CP3, 14.4.1, and 14.4.2. An attacker could exploit this vulnerability to execute malicious HTML and JavaScript code in a client...
Symantec Identity Manager 跨站脚本漏洞
Symantec Identity Manager is an identity management system from Symantec Corporation. A security vulnerability exists in Symantec Identity Manager versions 14.3 CP3, 14.4.1, and 14.4.2, which stems from a user inputting a CRLF sequence that results in the returned response being split into two...
Symantec Identity Manager 跨站脚本漏洞
Symantec Identity Manager is an identity management system from Symantec Corporation. A security vulnerability exists in Symantec Identity Manager versions 14.3 CP3, 14.4.1, and 14.4.2, which can be exploited by an attacker to enumerate the current user's Oracle LDAP attributes by modifying the...
CVE-2022-25627
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
CVE-2022-25628
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4...
CVE-2022-25627
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
Command injection
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
CVE-2022-25627
Symantec Identity Manager 14.4 is affected: an authenticated administrator with physical access can perform Remote Command Execution on the Management Console. The publicly documented details describe local access as the attack vector with high impact on confidentiality, integrity, and availabili...
CVE-2022-25628
CVE-2022-25628 describes an XML External Entity (XXE) injection vulnerability in the Symantec Identity Manager 14.4 Management Console . An authenticated user can trigger XXE, with potential data exposure or other malicious activity as implied by the vulnerability class. The CVSS data from the en...
CVE-2022-25628
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4...
CVE-2022-25627
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
Symantec Identity Manager 授权问题漏洞
Symantec Identity Manager is an identity management system from Symantec Corporation. A security vulnerability exists in Symantec Identity Manager version 14.4, which originates from an unauthenticated user being able to access a specific page URL in the management console, but the system does no...
CVE-2022-25627
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
PT-2022-17420 · Symantec · Symantec Identity Manager
Name of the Vulnerable Software and Affected Versions: Symantec Identity Manager version 14.4 Description: An authenticated user can perform XML eXternal Entity injection in the Management Console. This issue allows for potential data exposure or other malicious activities. Recommendations: For...
PT-2022-17419 · Symantec · Symantec Identity Manager
Name of the Vulnerable Software and Affected Versions: Symantec Identity Manager version 14.4 Description: An authenticated administrator with physical access to the environment can execute remote commands on the Management Console. This issue affects the Management Console component...
Symantec Identity Manager 代码问题漏洞
Symantec Identity Manager is an identity management system from Symantec Corporation. A security vulnerability exists in Symantec Identity Manager version 14.4, which originates from an authenticated user being able to perform XML external entity injection in the management console...