Lucene search
+L

66 matches found

cnnvd
cnnvd
added 2024/03/28 12:0 a.m.6 views

HCL BigFix Platform 安全漏洞

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that originates from ...

4CVSS6.1AI score0.0026EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/03/28 12:0 a.m.8 views

HCL BigFix Platform 代码问题漏洞

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that originates from ...

7.2CVSS6.8AI score0.00371EPSS
Exploits0References2
osv
osv
added 2023/01/18 9:15 p.m.3 views

CVE-2022-45926

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...

8.8CVSS5.8AI score0.16972EPSS
Exploits3References3
nvd
nvd
added 2023/01/18 9:15 p.m.24 views

CVE-2022-45926

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...

8.8CVSS8.6AI score0.16972EPSS
Exploits3References3
prion
prion
added 2023/01/18 9:15 p.m.22 views

Design/Logic Flaw

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...

6.5CVSS8.5AI score0.16972EPSS
Exploits3References3Affected Software1
cvelist
cvelist
added 2023/01/18 12:0 a.m.24 views

CVE-2022-45926

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...

8.8AI score0.16972EPSS
Exploits3References3
cnnvd
cnnvd
added 2023/01/18 12:0 a.m.8 views

OpenText Content Suite Platform 代码问题漏洞

OpenText Content Suite Platform is a top-of-the-line enterprise content management ECM system from OpenText. It can manage the entire enterprise information lifecycle, from capture to archiving and disposal. A security vulnerability exists in OpenText Content Suite Platform version 22.1, which...

8.8CVSS7.9AI score0.16972EPSS
Exploits3References4
bdu_fstec
bdu_fstec
added 2021/08/31 12:0 a.m.7 views

The vulnerability of the WebReports server, the WebStation user interface, and the Enterprise Server installer, as well as the Enterprise Central installer, is related to insufficient protection of the web page structure, allowing a hacker to execute arbitrary code.

The vulnerabilities of the WebReports server, the WebStation user interface, and the Enterprise Server installer, as well as the Enterprise Central installer, are related to insufficient protection of the web page structure. Exploiting these vulnerabilities allows a malicious actor to execute...

5CVSS6.8AI score0.00924EPSS
Exploits0References2Affected Software4
bdu_fstec
bdu_fstec
added 2021/04/01 12:0 a.m.6 views

The vulnerability of the WebReports server lies in its ability to allow unlimited loading of malicious files, enabling attackers to upload malware and execute arbitrary code.

The vulnerability of the WebReports report server is related to the unlimited download of malicious files. Exploiting this vulnerability allows a remote attacker to download malicious files and execute arbitrary code...

9CVSS8AI score0.02292EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2021/04/01 12:0 a.m.9 views

The vulnerability of WebReports servers stems from insufficient protection of the website structure, allowing attackers to upload malicious files and execute arbitrary code.

The vulnerability of the WebReports report server is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to download malicious files and execute arbitrary code...

5.5CVSS6.2AI score0.00835EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2021/04/01 12:0 a.m.9 views

The vulnerability of the WebReports server lies in the improper limitation of XML links to external objects. This allows attackers to disclose protected information or cause service failures.

The vulnerability of the WebReports report server is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected information or cause service failures...

9CVSS7.6AI score0.01784EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2021/04/01 12:0 a.m.7 views

The vulnerability of the WebReports server report processing system, related to inadequate access control mechanisms, allows attackers to escalate their privileges.

The vulnerability of the WebReports report server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to increase their privileges...

6.5CVSS6.5AI score0.01356EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2021/04/01 12:0 a.m.7 views

The vulnerability of WebReports servers stems from insufficient protection of the website structure, allowing attackers to upload malicious files and execute arbitrary code.

The vulnerability of the WebReports report server is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to download malicious files and execute arbitrary code...

5.5CVSS6.2AI score0.00835EPSS
Exploits0References3Affected Software1
ics
ics
added 2021/03/04 12:0 a.m.346 views

ICSA-21-063-02_Schneider Electric EcoStruxure Building Operation (EBO)

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Building Operation Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity...

8.8CVSS8.5AI score0.02292EPSS
Exploits0References2
cnvd
cnvd
added 2020/11/20 12:0 a.m.10 views

Schneider Electric EcoStruxure Building Operation WebReports Improper Access Control Vulnerability

EcoStruxure Building Operation WebReports is a web application for creating, viewing and managing reports. An improper access control vulnerability exists in EcoStruxure Building Operation WebReports 1.9 - 3.1. A remote attacker could exploit this vulnerability to access restricted web resources...

6.5CVSS6.8AI score0.01356EPSS
Exploits0References1
osv
osv
added 2020/11/19 10:15 p.m.2 views

CVE-2020-7572

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...

8.8CVSS6AI score
Exploits0References1
nvd
nvd
added 2020/11/19 10:15 p.m.25 views

CVE-2020-7570

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting Stored vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect...

5.4CVSS5.8AI score0.00835EPSS
Exploits0References1
nvd
nvd
added 2020/11/19 10:15 p.m.20 views

CVE-2020-7573

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control...

6.5CVSS7AI score0.01356EPSS
Exploits0References1
osv
osv
added 2020/11/19 10:15 p.m.5 views

CVE-2020-7570

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting Stored vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect...

5.4CVSS6.2AI score0.00835EPSS
Exploits0References1
osv
osv
added 2020/11/19 10:15 p.m.5 views

CVE-2020-7569

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code...

8.8CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder