25 matches found
MAL-2025-10885 Malicious code in @zalastax/nolb-cem (npm)
The package @zalastax/nolb-cem was found to contain malicious code...
Malicious code in @zalastax/nolb-cem (npm)
The package @zalastax/nolb-cem was found to contain malicious code...
SAML SSO failure happens after renewing SAML certificate since CEM 24.4.0
When using CEM as the SAML SSO Identity Provider (IDP), the following failure is reported in Splunk logs after renewing the SAML certificate since CEM 24.4.0: "Exception occurred while reading the keyStore java.io.IOException: exception unwrapping private key - java.security.InvalidKeyException: pad block...
cem-instruments.in Cross Site Scripting vulnerability OBB-3927942
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cem-vivant.com Improper Access Control vulnerability OBB-3795385
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cem-vivant.de Improper Access Control vulnerability OBB-3766826
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CEM 23.6.0 - Apple Restriction Policy not getting deployed on iOS DEP Devices
There is a known issue with Apple Restriction Policy not getting deployed on iOS DEP Devices when using CEM 23.6.0...
Johnson Controls CEM Systems AC2000
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Unable to integrate Azure Active Directory as IDP directly on CEM
While performing AAD integration in CEM console, it shows error stating 'Your IDP settings could not be saved. The connection failed. Please review the information you entered.' We do not see any errors in the CEM logs for above issue...
CVE-2021-27663
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5...
Authorization
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5...
CVE-2021-27663 CEM Systems AC2000
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5...
CVE-2021-27663
Johnson Controls CEM Systems AC2000 is affected for versions 10.1–10.5. The issue is improper authorization that can allow a remote attacker to access the system without adequate authentication. Affected component is the AC2000 application (and related API/SSO context per ICS evidence). Impact is...
CEM Systems AC2000 Security Vulnerability
CEM Systems AC2000 is a UK based access control and security management system. A security vulnerability exists in CEM Systems AC2000 versions 10.1 to 10.5, which arises from the fact that in some cases the application does not perform proper authorization checks for functions that require proof ...
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Controlled Electronic Management Systems Ltd., a subsidiary of Johnson Controls Inc Equipment: CEM Systems AC2000 Vulnerability: Improper Authorization 2. RISK EVALUATION Under specific conditions,...
Citrix Endpoint Management (CEM) Security Update
Description of Problem Multiple vulnerabilities have been discovered in Citrix Endpoint Management (CEM), also referred to as XenMobile. These vulnerabilities have the following identifiers: CVE-2020-8208 CVE-2020-8209 CVE-2020-8210 CVE-2020-8211 CVE-2020-8212 CVE-2020-8253 The following versions of Citr...
Security Bulletin: Vulnerability in Apache Commons Codec affects Netcool/OMNIbus CEM Gateway and ServiceNow Gateway
Summary Netcool/OMNIbus CEM Gateway and ServiceNow Gateway are vulnerable to remote attack to obtain sensitive info by exploiting the weakness in Apache Commons Codec. CVE-177835 Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Base...
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Exploit Title: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Google Dork: N/A Date: 2020-02-21 Exploit Author: Cem Onat Karagun of Diesec GmBH Vendor Homepage: https://www.google.com/ Version:...
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service Exploit
Exploit Title: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Exploit Author: Cem Onat Karagun of Diesec GmBH Vendor Homepage: https://www.google.com/ Version: Google Chrome 80.0.3987.87 Tested on: Windows x64 / Linux Debian x64 / MacOS CVE: CVE-2020-6404 PoC Video:...
Pale Moon Browser 27.9.3 - Use After Free (PoC)
Pale Moon Browser 27.9.3 - Use After Free PoC Exploit Title: Pale Moon Browser function SetVariablefuzzervars, varname, vartype fuzzervarsvartype = varname; function jsfuzzer var var1 = var2.getDistributedNodes; SetVariablevar1, 'NodeList';...