137 matches found
CVE-2022-33955
IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code using a back and refresh attack. IBM X-Force ID: 229312...
CVE-2022-34163
IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333...
CVE-2022-34161
IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331...
CVE-2022-34167
IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
PT-2022-22029 · Ibm · Ibm Cics Tx Standard +1
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard and Advanced version 11.1 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Th...
IBM CICS TX Standard and Advanced cross-site scripting vulnerability
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. A security vulnerability exists in IBM CICS TX Standard and Advanced version 11.1. An attacker exploited the...
CVE-2022-34160
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...
CVE-2022-34167
IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2022-31767
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980...
CVE-2021-20702
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code...
Buffer overflow
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code...
Input validation
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to rea...
Buffer overflow
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code...
CVE-2021-20707
CVE-2021-20707 is an input-validation vulnerability in NEC ClusterPRO X and EXPRESSCLUSTER X, specifically affecting the Transaction Server. Multiple sources (NVD/NJC/JVN/Red Hat, PRION) describe that versions up to 4.3 for Windows and earlier, including 4.3 SingleServerSafe variants, allow a rem...
CVE-2021-20707
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to rea...
CVE-2021-20703
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code...
CVE-2021-20703
CVE-2021-20703 is a buffer overflow vulnerability in NEC CLUSTERPRO X and EXPRESSCLUSTER X, affecting the Transaction Server on Windows up to version 4.3 (and SingleServerSafe variants). The root cause is memory/bounds corruption in the Transaction Server allowing remote code execution via networ...
CVE-2021-20702
CVE-2021-20702 is a buffer overflow vulnerability in NEC CLUSTERPRO X/EXPRESSCLUSTER X products. The Transaction Server component in CLUSTERPRO X 4.3 for Windows and earlier, and EXPRESSCLUSTER X 4.3 for Windows and earlier (including SingleServerSafe variants) is affected, with the underlying is...
Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X
Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700, CVE-2021-20701 Buffer overflow in the Transaction Server CWE-119 - CVE-2021-20702, CVE-2021-20703 Buffer overflow in th...
NEC Corporation CLUSTERPRO buffer error vulnerability
NEC Corporation CLUSTERPRO is an HA clustering software from NEC. A buffer error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0 that originates from a boundary error in the software transaction server. A remote attacker could exploit the...