11 matches found
The vulnerability of the Microsoft Dataverse data management platform, which arises from incorrect handling of insufficient permissions or privileges, allows a perpetrator to escalate their privileges.
The vulnerability of the Microsoft Dataverse data management platform is related to the improper handling of insufficient permissions or privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Microsoft Dataverse data management platform, related to deficiencies in deserialization mechanisms, allows attackers to execute arbitrary code.
The vulnerability of the Microsoft Dataverse data management platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2025-27617
Pimcore is affected by a SQL injection in the getRelationFilterCondition path prior to version 11.5.4. Authenticated users can craft a filter string that leads to SQL injection, potentially exposing or modifying data. The issue is addressed by upgrading Pimcore to version 11.5.4 or newer. Documen...
The vulnerability of the Microsoft Dataverse data management platform, related to deficiencies in authentication procedures, allows attackers to escalate their privileges.
The vulnerability of the Microsoft Dataverse data management platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to increase their privileges remotely...
The vulnerability of the SAP Master Data Governance data management platform lies in the absence of authentication procedures, which allow attackers to escalate their privileges and disclose protected information.
The vulnerability of the SAP Master Data Governance data management platform is related to the absence of authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges and disclose sensitive information...
Security Bulletin: IBM Data Management Platform for EDB Postgres Standard is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Standard contains a component called EDB Failover Manager EFM and uses a version of Apache Log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID:...
Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Enterprise contains a component called EDB failover manager EFM and uses a version of log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-45105...
Security Bulletin: EDB PostreSQL with IBM, EDB Postgres Advanced Server with IBM, IBM Data Management Platform (Enterprise, Standard) are vulnerable to an SQL Injection (CVE-2021-23214)
Summary EDB PostreSQL with IBM and EDB Postgres Advanced Server with IBM are vulnerable to an SQL Injection Vulnerability Details CVEID: CVE-2021-23214 DESCRIPTION: PostgreSQL is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements when the server is configur...
CVE-2021-39189 Observable Response Discrepancy in Lost Password Service
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually...
AVEVA Enterprise Data Management Web
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Equipment: Enterprise Data Management Web Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL...
OSIsoft PI Integrator
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Integrator Vulnerabilities: Cross-Site Scripting, Improper Authorization AFFECTED PRODUCTS The following versions of PI Integrator, a data management platform, are affected: PI Integrator for SAP...