211 matches found
CVE-2025-37087
A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host...
Hewlett Packard Enterprise Performance Cluster Manager security vulnerability
Hewlett Packard Enterprise Performance Cluster Manager is a Hewlett Packard Enterprise product. A security vulnerability exists in Hewlett Packard Enterprise Performance Cluster Manager that stems from a problem with the cmdb service and could result in access to arbitrary files...
CVE-2020-11853
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1. Operation Bridge Manager, affecting versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2. Application Performance Management, affecting versions: 9.51, 9.50 and 9.40...
Qualys VMDR & Core Apps Revamped: Ultimate Cyber Defense Partnership for Streamlined Vulnerability Management with ITSM
Introducing the Revamped VMDR & Core Apps: Qualys has the dynamic duo of ServiceNow Apps – The Qualys Core App and Qualys VMDR App – that help you close the gap between IT and Security teams, making vulnerability management and ticketing workflows seamless and eliminating manual spreadsheet-based...
Proactive Visibility Is Foundational to Strong Cybersecurity
Authored by Guest IDC Blogger: Michelle Abraham. Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital...
CVE-2024-8749
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isysapimodelcmdbobjectsbyrelation.class.php and retrieve all the information stored in the...
Malicious code in cmdb-worker-pckg (PyPI)
Source: kam193 f0039cc4672b957b253c70bf7a3d084574f8a10d21d6bc42d0fac2f2a3fd8400. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2024-11558 Malicious code in cmdb-worker-pckg (PyPI)
Source: kam193 f0039cc4672b957b253c70bf7a3d084574f8a10d21d6bc42d0fac2f2a3fd8400. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Enhance existing security workflows with high-fidelity cloud security data from Wiz in ServiceNow
Add Wiz’s cloud and container security context to your organization's ServiceNow CMDB, vulnerability response, and IT service management solutions...
Unveiling the Hidden Power of the CMDB in Cybersecurity
In the ever-evolving landscape of cybersecurity, where attacks grow increasingly sophisticated, organizations must leverage every tool at their disposal to stay one step ahead. While CISOs and SecOps teams often focus on disciplines such as vulnerability detection, attack surface management, and...
CVE-2024-22873
Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function /service/subscription.go. This vulnerability allows attackers to access internal requests via a crafted POST request...
Server side request forgery (ssrf)
Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function /service/subscription.go. This vulnerability allows attackers to access internal requests via a crafted POST request...
CVE-2024-22873
CVE-2024-22873 affects Tencent Blueking CMDB versions 3.2.x–3.9.x. The vulnerability is a Server-Side Request Forgery in the event subscription function (/service/subscription.go) that allows an attacker to access internal requests via a crafted POST. CVSS data in the initial document indicates h...
PT-2024-19593 · Tencent · Tencent Blueking Cmdb
Name of the Vulnerable Software and Affected Versions: Tencent Blueking CMDB versions 3.2.x through 3.9.x. Description: The issue is related to Server-Side Request Forgery (SSRF) via the event subscription function, located at the /service/subscription.go endpoint. This allows attackers to access...
CVE-2022-34125
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter...
Design/Logic Flaw
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter...