Lucene search
+L

273 matches found

Positive Technologies
Positive Technologies
added 2021/02/22 12:0 a.m.6 views

PT-2021-17115 · Nozomi Networks · Nozomi Networks Cmc +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian versions 20.0.7.3 and prior versions Nozomi Networks CMC versions 20.0.7.3 and prior versions Description: The issue is an OS Command Injection vulnerability that occurs when changing date settings or hostname using t...

9CVSS8.1AI score0.03074EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/02/22 12:0 a.m.7 views

PT-2021-17116 · Nozomi Networks · Nozomi Networks Cmc +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian versions 20.0.7.3 and prior versions Nozomi Networks CMC versions 20.0.7.3 and prior versions Description: A Path Traversal issue exists when changing the timezone using the web GUI, allowing an authenticated...

8.6CVSS7AI score0.01059EPSS
Exploits0References4
OSV
OSV
added 2021/02/07 8:15 p.m.6 views

CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...

9.8CVSS7.5AI score0.87383EPSS
Exploits3References3
NOZOMI
NOZOMI
added 2021/02/04 12:0 a.m.8 views

Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4

Summary An authenticated command path traversal vulnerability in the management interface allows an authenticated administrator to read-protected system files. Impact Authenticated web GUI administrator can force the system to copy system files to the wrong location allowing him to read the...

8.6CVSS6.8AI score0.01059EPSS
Exploits0Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.5 views

The vulnerability of the CMC module of the SAP BusinessObjects Business Intelligence platform allows a hacker to disclose protected information or cause service interruptions.

The vulnerability of the CMC module of the SAP BusinessObjects Business Intelligence platform is related to errors in processing XML requests. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause service failures...

8.5CVSS7.4AI score0.022EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/10/01 5:15 p.m.21 views

CVE-2019-19393

The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...

6.1CVSS0.00846EPSS
Exploits0References2
OSV
OSV
added 2020/10/01 5:15 p.m.5 views

CVE-2019-19393

The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...

6.1CVSS6.4AI score0.00846EPSS
Exploits0References2
Prion
Prion
added 2020/10/01 5:15 p.m.15 views

Design/Logic Flaw

The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...

4.3CVSS6AI score0.00846EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/10/01 4:55 p.m.58 views

CVE-2019-19393

The CVE-2019-19393 affects Rittal CMC PU III devices (7010/7030 series) with versions V3.00 to V3.15.70_4, where the Web application does not sanitize input on the system configurations page, enabling persistent XSS. This allows an attacker to backdoor the device by injecting HTML/browser-side sc...

6.1CVSS5.9AI score0.00846EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/01 4:55 p.m.31 views

CVE-2019-19393

The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...

6.1AI score0.00846EPSS
Exploits0References2
OSV
OSV
added 2020/08/31 9:15 p.m.6 views

CVE-2020-25050

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...

7.5CVSS5.8AI score0.00431EPSS
Exploits0References1
NVD
NVD
added 2020/08/31 9:15 p.m.20 views

CVE-2020-25050

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...

7.5CVSS7.5AI score0.00431EPSS
Exploits0References1
Prion
Prion
added 2020/08/31 9:15 p.m.17 views

Design/Logic Flaw

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...

5CVSS7.5AI score0.00431EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/08/31 8:25 p.m.47 views

CVE-2020-25050

CVE-2020-25050 affects Samsung mobile devices running P(9.0) and Q(10.0). The issue is in the CMC service, which can allow attackers to obtain sensitive information. Affected component is the CMC service on Samsung Android builds; root cause details are not fully disclosed in the provided documen...

7.5CVSS7.4AI score0.00431EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/08/31 8:25 p.m.29 views

CVE-2020-25050

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 August 2020...

7.5AI score0.00431EPSS
Exploits0References1
CVE
CVE
added 2020/08/12 1:45 p.m.56 views

CVE-2020-6300

CVE-2020-6300 affects SAP Business Objects BI Platform (Central Management Console), versions 4.2 and 4.3. The Root Cause is insufficient encoding of user-controlled inputs for the RecycleBin, enabling a Stored XSS vulnerability. An attacker with administrator rights can use the web app to send m...

4.8CVSS4.9AI score0.00527EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/07/14 1:15 p.m.20 views

Cross site scripting

SAP Business Objects Business Intelligence Platform BI Launchpad and CMC, versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting...

3.5CVSS5.3AI score0.00536EPSS
Exploits0References2Affected Software1
NOZOMI
NOZOMI
added 2020/05/26 12:0 a.m.9 views

Cross-site request forgery attack on change password form

Summary Change password doesn't validate CSRF token properly. Impact An attacker can force the victim to change password without knowing. To successfully complete this attack the victim needs to be logged to the Guardian/CMC and visit a special prepared page containing the forged change password...

8.8CVSS6.9AI score
Exploits0Affected Software2
Prion
Prion
added 2020/05/12 6:15 p.m.15 views

Cross site scripting

SAP Business Objects Business Intelligence Platform CMC and BI Launchpad 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...

3.5CVSS5.3AI score0.00536EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/04/14 7:36 p.m.85 views

CVE-2020-6195

The CVE-2020-6195 entry applies to SAP Business Objects Business Intelligence Platform (CMC) versions 4.1 and 4.2, where the response can contain a cleartext password. The underlying issue is information disclosure via exposed credentials, which, if exploited via social engineering to obtain a pa...

9.8CVSS9.5AI score0.00628EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder