
137 matches found

ATTACKERKB
added 2022/07/29 12:0 a.m. · 2 views

CVE-2022-33955

IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code using a back and refresh attack. IBM X-Force ID: 229312...

6.8 CVSS · 6.1 AI score · 0.00512 EPSS
Exploits 0 · References 4 · Affected Software 2
ATTACKERKB
added 2022/07/29 12:0 a.m. · 4 views

CVE-2022-34163

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333...

6.1 CVSS · 6 AI score · 0.00551 EPSS
Exploits 0 · References 4 · Affected Software 2
ATTACKERKB
added 2022/07/29 12:0 a.m. · 2 views

CVE-2022-34161

IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331...

8.8 CVSS · 6.3 AI score · 0.00368 EPSS
Exploits 0 · References 4 · Affected Software 2
OSV
added 2022/07/08 5:15 p.m. · 4 views

CVE-2022-34167

IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4 CVSS · 5.5 AI score
Exploits 0 · References 3
Positive Technologies
added 2022/07/08 12:0 a.m. · 3 views

PT-2022-22029 · Ibm · Ibm Cics Tx Standard +1

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard and Advanced version 11.1 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Th...

5.8 CVSS · 5.4 AI score · 0.00887 EPSS
Exploits 0 · References 5
CNNVD
added 2022/07/08 12:0 a.m. · 4 views

IBM CICS TX Standard and Advanced cross-site scripting vulnerability

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. A security vulnerability exists in IBM CICS TX Standard and Advanced version 11.1. An attacker exploited the...

5.4 CVSS · 6.3 AI score · 0.00541 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2022/07/07 12:0 a.m. · 1 view

CVE-2022-34160

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...

5.8 CVSS · 6.1 AI score · 0.00887 EPSS
Exploits 0 · References 4 · Affected Software 2
ATTACKERKB
added 2022/07/06 12:0 a.m. · 1 view

CVE-2022-34167

IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4 CVSS · 6 AI score · 0.00541 EPSS
Exploits 0 · References 4 · Affected Software 2
OSV
added 2022/06/24 4:15 p.m. · 2 views

CVE-2022-31767

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980...

9.8 CVSS · 6.1 AI score · 0.04659 EPSS
Exploits 0 · References 3
NVD
added 2021/11/03 12:15 a.m. · 16 views

CVE-2021-20702

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code...

9.8 CVSS · 0.02131 EPSS
Exploits 0 · References 1
Prion
added 2021/11/03 12:15 a.m. · 11 views

Buffer overflow

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code...

7.5 CVSS · 9.7 AI score · 0.02131 EPSS
Exploits 0 · References 1 · Affected Software 4
Prion
added 2021/11/03 12:15 a.m. · 17 views

Input validation

Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to rea...

5 CVSS · 7.8 AI score · 0.00954 EPSS
Exploits 0 · References 1 · Affected Software 4
Prion
added 2021/11/03 12:15 a.m. · 16 views

Buffer overflow

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code...

7.5 CVSS · 9.7 AI score · 0.02073 EPSS
Exploits 0 · References 1 · Affected Software 4
CVE
added 2021/11/02 11:30 p.m. · 57 views

CVE-2021-20707

CVE-2021-20707 is an input-validation vulnerability in NEC ClusterPRO X and EXPRESSCLUSTER X, specifically affecting the Transaction Server. Multiple sources (NVD/NJC/JVN/Red Hat, PRION) describe that versions up to 4.3 for Windows and earlier, including 4.3 SingleServerSafe variants, allow a rem...

7.5 CVSS · 7.8 AI score · 0.00954 EPSS
Exploits 0 · References 1 · Affected Software 4
Cvelist
added 2021/11/02 11:30 p.m. · 25 views

CVE-2021-20707

Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to rea...

8 AI score · 0.00954 EPSS
Exploits 0 · References 1
Cvelist
added 2021/11/02 11:30 p.m. · 18 views

CVE-2021-20703

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code...

9.9 AI score · 0.02073 EPSS
Exploits 0 · References 1
CVE
added 2021/11/02 11:30 p.m. · 74 views

CVE-2021-20703

CVE-2021-20703 is a buffer overflow vulnerability in NEC CLUSTERPRO X and EXPRESSCLUSTER X, affecting the Transaction Server on Windows up to version 4.3 (and SingleServerSafe variants). The root cause is memory/bounds corruption in the Transaction Server allowing remote code execution via networ...

9.8 CVSS · 9.7 AI score · 0.02073 EPSS
Exploits 0 · References 1 · Affected Software 4
CVE
added 2021/11/02 11:30 p.m. · 55 views

CVE-2021-20702

CVE-2021-20702 is a buffer overflow vulnerability in NEC CLUSTERPRO X/EXPRESSCLUSTER X products. The Transaction Server component in CLUSTERPRO X 4.3 for Windows and earlier, and EXPRESSCLUSTER X 4.3 for Windows and earlier (including SingleServerSafe variants) is affected, with the underlying is...

9.8 CVSS · 9.7 AI score · 0.02131 EPSS
Exploits 0 · References 1 · Affected Software 4
Japan Vulnerability Notes
added 2021/10/29 6:22 a.m. · 4 views

Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X

Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700, CVE-2021-20701 Buffer overflow in the Transaction Server CWE-119 - CVE-2021-20702, CVE-2021-20703 Buffer overflow in th...

10 CVSS · 8.1 AI score · 0.02131 EPSS
Exploits 0 · References 20
CNNVD
added 2021/10/29 12:0 a.m. · 11 views

NEC Corporation CLUSTERPRO buffer error vulnerability

NEC Corporation CLUSTERPRO is an HA clustering software from NEC. A buffer error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0 that originates from a boundary error in the software transaction server. A remote attacker could exploit the...

9.8 CVSS · 9.2 AI score · 0.02073 EPSS
Exploits 0 · References 3