273 matches found
PT-2021-17115 · Nozomi Networks · Nozomi Networks Cmc +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian versions 20.0.7.3 and prior versions Nozomi Networks CMC versions 20.0.7.3 and prior versions Description: The issue is an OS Command Injection vulnerability that occurs when changing date settings or hostname using t...
PT-2021-17116 · Nozomi Networks · Nozomi Networks Cmc +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian versions 20.0.7.3 and prior versions Nozomi Networks CMC versions 20.0.7.3 and prior versions Description: A Path Traversal issue exists when changing the timezone using the web GUI, allowing an authenticated...
CVE-2021-3122
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...
Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4
Summary An authenticated command path traversal vulnerability in the management interface allows an authenticated administrator to read-protected system files. Impact Authenticated web GUI administrator can force the system to copy system files to the wrong location allowing him to read the...
The vulnerability of the CMC module of the SAP BusinessObjects Business Intelligence platform allows a hacker to disclose protected information or cause service interruptions.
The vulnerability of the CMC module of the SAP BusinessObjects Business Intelligence platform is related to errors in processing XML requests. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause service failures...
CVE-2019-19393
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...
CVE-2019-19393
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...
Design/Logic Flaw
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...
CVE-2019-19393
The CVE-2019-19393 affects Rittal CMC PU III devices (7010/7030 series) with versions V3.00 to V3.15.70_4, where the Web application does not sanitize input on the system configurations page, enabling persistent XSS. This allows an attacker to backdoor the device by injecting HTML/browser-side sc...
CVE-2019-19393
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...
CVE-2020-25050
An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...
CVE-2020-25050
An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...
CVE-2020-25050
CVE-2020-25050 affects Samsung mobile devices running P(9.0) and Q(10.0). The issue is in the CMC service, which can allow attackers to obtain sensitive information. Affected component is the CMC service on Samsung Android builds; root cause details are not fully disclosed in the provided documen...
CVE-2020-25050
An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...
CVE-2020-6300
CVE-2020-6300 affects SAP Business Objects BI Platform (Central Management Console), versions 4.2 and 4.3. The Root Cause is insufficient encoding of user-controlled inputs for the RecycleBin, enabling a Stored XSS vulnerability. An attacker with administrator rights can use the web app to send m...
Cross site scripting
SAP Business Objects Business Intelligence Platform BI Launchpad and CMC, versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting...
Cross-site request forgery attack on change password form
Summary Change password doesn't validate CSRF token properly. Impact An attacker can force the victim to change password without knowing. To successfully complete this attack the victim needs to be logged to the Guardian/CMC and visit a special prepared page containing the forged change password...
Cross site scripting
SAP Business Objects Business Intelligence Platform CMC and BI Launchpad 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...
CVE-2020-6195
The CVE-2020-6195 entry applies to SAP Business Objects Business Intelligence Platform (CMC) versions 4.1 and 4.2, where the response can contain a cleartext password. The underlying issue is information disclosure via exposed credentials, which, if exploited via social engineering to obtain a pa...