Lucene search
K

374 matches found

BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.22 views

The vulnerability of the ABB VPNI function in the S+ Control API of the software for management and monitoring of ABB Symphony Plus S+ Operations, S+ Engineering, and S+ Analyst allows a perpetrator to trigger a service failure.

The vulnerability of the ABB VPNI function in the S+ Control API of the ABB Symphony Plus S+ Operations, S+ Engineering, and S+ Analyst software for management and monitoring systems is related to errors in processing relative paths. Exploiting this vulnerability can allow attackers to cause...

7.8CVSS5.5AI score0.00608EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2024/10/23 6:15 p.m.22 views

CVE-2024-20424

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

9.9CVSS0.00941EPSS
Exploits0References1
OSV
OSV
added 2024/10/23 6:15 p.m.7 views

CVE-2024-20424

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

9.9CVSS6.1AI score0.00941EPSS
Exploits0References1
Cisco
Cisco
added 2024/10/23 4:0 p.m.15 views

Cisco Secure Firewall Management Center Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

9.9CVSS9.8AI score0.00941EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/10/10 11:0 a.m.11 views

6 Simple Steps to Eliminate SOC Analyst Burnout

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and...

7.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/08/15 1:30 p.m.8 views

Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges

Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering TIDE team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/07/10 12:0 a.m.5 views

The vulnerabilities of the Analyst component, Web Player, and Automation Services of the Spotfire Analyst platform, as well as the Spotfire Server and AWS Spotfire for AWS Marketplace analytical platforms, allow attackers to execute arbitrary code.

The vulnerabilities of the Analyst component, Web Player, and Automation Services of the Spotfire Analyst platform, as well as the Spotfire Server and the analytics platform based on cloud services AWS Spotfire for AWS Marketplace, are related to insufficient validation of input data. Exploiting...

9.9CVSS5.9AI score0.00587EPSS
Exploits0References4Affected Software3
ATTACKERKB
ATTACKERKB
added 2024/06/27 7:15 p.m.3 views

CVE-2024-3331

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

6.8CVSS5.8AI score0.0038EPSS
Exploits0References2Affected Software5
Vulnrichment
Vulnrichment
added 2024/06/27 6:50 p.m.14 views

CVE-2024-3331 Spotfire: NTLM token leakage

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

6.8CVSS7AI score0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/27 6:50 p.m.38 views

CVE-2024-3331 Spotfire: NTLM token leakage

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

6.8CVSS0.0038EPSS
Exploits0References1
CVE
CVE
added 2024/06/27 6:50 p.m.50 views

CVE-2024-3331

CVE-2024-3331 affects TIBCO Spotfire products: Enterprise Runtime for R - Server Edition (1.12.7–1.20.0), Statistics Services (12.0.7–12.3.1, 14.0.0–14.3.0), Analyst (12.0.9–12.5.0, 14.0.0–14.3.0), Desktop (14.0–14.3.0), and Server (12.0.10–12.5.0, 14.0.0–14.3.0). The issue is described as an NTL...

6.8CVSS6.7AI score0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/27 6:37 p.m.27 views

CVE-2024-3330 Spotfire Remote Code Execution Vulnerability

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction fr...

9.9CVSS0.00587EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.5 views

Multiple TIBCO Software Products Security Vulnerabilities

TIBCO Software Spotfire Server and others are products of TIBCO Software, Inc. TIBCO Software Spotfire Server is a platform for integrating, running and managing organizations based on TIBCO Spotfire a data analysis and mining tool.TIBCO Software Spotfire Statistics Services is a comprehensive...

6.8CVSS7AI score0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.6 views

Multiple TIBCO Software Products Security Vulnerabilities

TIBCO Software Spotfire Server and TIBCO Software Spotfire Analyst are both products of TIBCO Software, Inc. of the U.S.A. TIBCO Software Spotfire Server is a suite of data analysis and mining tools based on TIBCO Spotfire that provide integration and management for organizations. TIBCO Software...

9.9CVSS6.9AI score0.00587EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/05/08 2:33 p.m.55 views

Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag

The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access equivalent to --allow-env, and writing /proc/self/mem may provide access equivalent t...

9CVSS7.2AI score0.00368EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 3:48 p.m.45 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security...

9.8CVSS8AI score0.01613EPSS
Exploits3Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.7 views

PT-2024-4654 · Tibco · Spotfire For Aws Marketplace +2

Name of the Vulnerable Software and Affected Versions: Spotfire Analyst versions 12.0.9 through 12.5.0 Spotfire Analyst versions 14.0 through 14.0.2 Spotfire Server versions 12.0.10 through 12.5.0 Spotfire Server versions 14.0 through 14.0.3 Spotfire Server versions 14.2.0 through 14.3.0 Spotfire...

9.9CVSS8AI score0.00587EPSS
Exploits0References6
NVD
NVD
added 2024/04/03 7:15 p.m.21 views

CVE-2024-0335

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products e.g., S+ Operations, S+ Engineering and S+ Analyst This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...

7.5CVSS7.5AI score0.00608EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/03 6:53 p.m.12 views

CVE-2024-0335 Malformed Packet Handling

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products e.g., S+ Operations, S+ Engineering and S+ Analyst This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...

7.5CVSS7.5AI score0.00608EPSS
Exploits0References1
CVE
CVE
added 2024/04/03 6:53 p.m.88 views

CVE-2024-0335

CVE-2024-0335 concerns ABB Symphony Plus S+ products (Operations, Engineering, Analyst) with a vulnerability in the ABB VPNI feature of the S+ Control API. The issue stems from errors in processing relative paths within VPNI, which can enable denial of service. Affected versions include S+ Operat...

7.5CVSS7.5AI score0.00608EPSS
Exploits0References1
Rows per page
Query Builder