Lucene search
K

7 matches found

Packet Storm
Packet Storm
added 2024/04/15 12:0 a.m.282 views

BMC Compuware iStrobe Web 20.13 Shell Upload

!/usr/bin/env python3 Exploit Title: Pre-auth RCE on Compuware iStrobe Web Date: 01-08-2023 Exploit Author: trancap Vendor Homepage: https://www.bmc.com/ Version: BMC Compuware iStrobe Web - 20.13 Tested on: zOS CVE : CVE-2023-40304 To exploit this vulnerability you'll need "Guest access" enabled...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/04/15 12:0 a.m.334 views

BMC Compuware iStrobe Web - 20.13 - Pre-auth Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: Pre-auth RCE on Compuware iStrobe Web Date: 01-08-2023 Exploit Author: trancap Vendor Homepage: https://www.bmc.com/ Version: BMC Compuware iStrobe Web - 20.13 Tested on: zOS CVE : CVE-2023-40304 To exploit this vulnerability you'll need "Guest access" enabled...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.36 views

Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controll...

5.3CVSS6AI score0.00579EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/10/19 7:0 p.m.25 views

GHSA-682J-2P53-XP5F Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controll...

4.3CVSS5.7AI score0.00579EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/07/28 12:0 a.m.39 views

Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin

BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...

8.2CVSS7.9AI score0.0085EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/07/28 12:0 a.m.22 views

GHSA-75FC-FV3P-XH82 Jenkins Compuware Source Code Download is missing authorization

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...

4.3CVSS6.7AI score0.00605EPSS
Exploits0References5
OSV
OSV
added 2022/07/28 12:0 a.m.23 views

GHSA-57F2-52WJ-7VJ6 Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin

BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...

4.3CVSS8.2AI score0.0085EPSS
Exploits0References4
Rows per page
Query Builder