Lucene search

81 matches found

NCSC
added 2025/08/27 1:10 p.m. · 3 views

Vulnerabilities fixed in IBM Cognos Command Center

IBM has fixed vulnerabilities in IBM Cognos Command Center Versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...

9.3 CVSS · 7.1 AI score · 0.00234 EPSS
Exploits: 0 · References: 1
OSV
added 2025/08/26 5:15 p.m. · 1 view

CVE-2025-1994

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of the BinaryFormatter function...

7.8 CVSS · 6.1 AI score
Exploits: 0 · References: 1
CVE
added 2025/08/26 4:49 p.m. · 12 views

CVE-2025-1994

CVE-2025-1994 affects IBM Cognos Command Center versions 10.2.4.1 and 10.2.5. The root cause is unsafe use of the BinaryFormatter function, enabling a local user to execute arbitrary code on the system. Confirmed details from multiple sources indicate local code execution risk with high impact ac...

7.8 CVSS · 7.2 AI score · 0.00018 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/08/26 4:49 p.m. · 3 views

CVE-2025-1994 IBM Cognos Command Center code execution

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of the BinaryFormatter function...

7.8 CVSS · 0.00018 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/26 4:49 p.m. · 1 view

CVE-2025-1994 IBM Cognos Command Center code execution

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of the BinaryFormatter function...

7.8 CVSS · 7.2 AI score · 0.00018 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/08/26 12:0 a.m. · 1 view

IBM Cognos Command Center Security Vulnerability

IBM Cognos Command Center is a solution for automating business processes that simplifies operational complexity across multiple software environments by allowing users to view, execute and monitor automated processes through a single interface. A code execution vulnerability exists in IBM Cognos...

7.8 CVSS · 6.4 AI score · 0.00018 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/26 12:0 a.m. · 3 views

PT-2025-34791 · IBM · IBM Cognos Command Center

Name of the Vulnerable Software and Affected Versions: IBM Cognos Command Center versions 10.2.4.1 through 10.2.5 Description: IBM Cognos Command Center versions 10.2.4.1 and 10.2.5 may allow a local user to execute arbitrary code on the system due to the unsafe use of the BinaryFormatter functio...

7.8 CVSS · 7.8 AI score · 0.00018 EPSS
Exploits: 0 · References: 4
CVE
added 2025/08/13 4:51 p.m. · 19 views

CVE-2025-34153

CVE-2025-34153 affects Hyland OnBase versions prior to 17.0.2.87. The vulnerability arises from insecure deserialization on the .NET Remoting TCP channel, where a listener on port 6031 (TimerServer, Hyland.Core.Timers.dll) deserializes untrusted input via BinaryFormatter, allowing unauthenticated...

10 CVSS · 8.8 AI score · 0.01468 EPSS
Exploits: 0 · References: 5
RedhatCVE
added 2025/05/23 4:29 a.m. · 5 views

CVE-2023-32735

A vulnerability has been identified in SIMATIC STEP 7 Safety V16 All versions V16 Update 7, SIMATIC STEP 7 Safety V17 All versions V17 Update 7, SIMATIC STEP 7 Safety V18 All versions V18 Update 2, SIMATIC STEP 7 V16 All versions V16 Update 7, SIMATIC STEP 7 V17 All versions V17 Update 7, SIMATIC...

7 CVSS · 7.6 AI score · 0.00058 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 4:13 a.m. · 3 views

CVE-2023-32737

A vulnerability has been identified in SIMATIC STEP 7 Safety V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within...

7 CVSS · 7.6 AI score · 0.00055 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:21 p.m. · 6 views

CVE-2020-25258

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages...

9.8 CVSS · 7 AI score · 0.0041 EPSS
Exploits: 0
Packet Storm
added 2025/04/14 12:0 a.m. · 181 views

Atlas (Havelsan) Insecure Deserialization

Atlas Havelsan suffers from a BinaryFormatter insecure deserialization vulnerability. Exploit Title: Havelsan Atlas HBYS - Insecure Deserialization RCE Date: 2025-04-14 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/havelsan/atlas Version: latest Tested on: Windows 10 - 64bit CVE: N...

7.4 AI score
Exploits: 0
Packet Storm
added 2025/03/28 12:0 a.m. · 365 views

Sitecore CVE-2025-27218 BinaryFormatter Deserialization

This Metasploit module exploits a .NET deserialization vulnerability in Sitecore Experience Manager XM and Experience Platform XP 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. This module requires Metasploit: https://metasploit.com/download Current...

5.3 CVSS · 7.3 AI score · 0.75678 EPSS
Exploits: 4
RedhatCVE
added 2025/02/05 10:28 p.m. · 3 views

CVE-2022-45147

A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...

8.5 CVSS · 7.5 AI score · 0.00093 EPSS
Exploits: 0 · References: 1
CNVD
added 2024/07/19 12:0 a.m. · 5 views

Siemens SIMATIC STEP Deserialization Vulnerability

Siemens SIMATIC STEP is a comprehensive engineering tool for configuring and programming SIMATIC controllers from Siemens, Germany. A deserialization vulnerability exists in Siemens SIMATIC STEP, which arises from an affected application failing to properly restrict .NET BinaryFormatter when...

7 CVSS · 7.6 AI score · 0.00055 EPSS
Exploits: 0 · References: 1
NVD
added 2024/07/09 12:15 p.m. · 29 views

CVE-2023-32735

A vulnerability has been identified in SIMATIC STEP 7 Safety V16 All versions V16 Update 7, SIMATIC STEP 7 Safety V17 All versions V17 Update 7, SIMATIC STEP 7 Safety V18 All versions V18 Update 2, SIMATIC STEP 7 V16 All versions V16 Update 7, SIMATIC STEP 7 V17 All versions V17 Update 7, SIMATIC...

7 CVSS · 0.00058 EPSS
Exploits: 0 · References: 1
NVD
added 2024/07/09 12:15 p.m. · 13 views

CVE-2023-32737

A vulnerability has been identified in SIMATIC STEP 7 Safety V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within...

7 CVSS · 0.00055 EPSS
Exploits: 0 · References: 1
NVD
added 2024/07/09 12:15 p.m. · 20 views

CVE-2022-45147

A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...

8.5 CVSS · 0.00093 EPSS
Exploits: 0 · References: 1
CVE
added 2024/07/09 12:4 p.m. · 37 views

CVE-2023-32737

CVE-2023-32737 affects SIMATIC STEP 7 Safety V18 (all versions

7 CVSS · 7.7 AI score · 0.00055 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/07/09 12:4 p.m. · 12 views

CVE-2023-32735

A vulnerability has been identified in SIMATIC STEP 7 Safety V16 All versions V16 Update 7, SIMATIC STEP 7 Safety V17 All versions V17 Update 7, SIMATIC STEP 7 Safety V18 All versions V18 Update 2, SIMATIC STEP 7 V16 All versions V16 Update 7, SIMATIC STEP 7 V17 All versions V17 Update 7, SIMATIC...

7 CVSS · 0.00058 EPSS
Exploits: 0 · References: 1