CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/05/17 8:15 p.m.•2 views

CVE-2022-24393

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “checkverticaupgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...

8.8CVSS5.9AI score

OSV•added 2022/05/17 8:15 p.m.•2 views

CVE-2022-24394

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...

8.8CVSS5.9AI score

NVD•added 2022/05/17 8:15 p.m.•11 views

CVE-2022-24394

9CVSS0.00616EPSS

NVD•added 2022/05/17 8:15 p.m.•9 views

CVE-2022-24392

9CVSS0.00616EPSS

NVD•added 2022/05/17 8:15 p.m.•7 views

CVE-2022-24393

9CVSS0.00616EPSS

NVD•added 2022/05/17 8:15 p.m.•9 views

CVE-2022-24391

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...

8.8CVSS0.00365EPSS

OSV•added 2022/05/17 8:15 p.m.•2 views

CVE-2022-24391

8.8CVSS5.8AI score

Prion•added 2022/05/17 8:15 p.m.•19 views

Sql injection

6.5CVSS8.8AI score0.00365EPSS

Prion•added 2022/05/17 8:15 p.m.•14 views

Command injection

9CVSS8.9AI score0.00616EPSS

Prion•added 2022/05/17 8:15 p.m.•10 views

Command injection

9CVSS8.9AI score0.00616EPSS

CVE•added 2022/05/17 7:26 p.m.•92 views

CVE-2022-24391

CVE-2022-24391 affects Fidelis Network and Deception CommandPost. The web interface is vulnerable to SQL injection when accessed by a user with basic (user) privileges, potentially enabling malicious input to alter queries. Affected versions are Fidelis Network and Deception prior to 9.4.5. Patch...

8.8CVSS9AI score0.00365EPSS

CVE•added 2022/05/17 7:24 p.m.•84 views

CVE-2022-24393

The vulnerability CVE-2022-24393 affects Fidelis Network and Deception CommandPost. It allows authenticated command injection via the web interface by abusing the check_vertica_upgrade value for the cpIp parameter. An attacker with an authenticated session could craft an HTTP request to execute s...

9CVSS9.1AI score0.00616EPSS

ATTACKERKB•added 2022/05/16 3:30 p.m.•3 views

CVE-2022-24392

9CVSS7.4AI score0.00616EPSS

ATTACKERKB•added 2022/05/16 3:30 p.m.•2 views

CVE-2022-24391

8.8CVSS7.4AI score0.00365EPSS

ATTACKERKB•added 2022/05/16 3:30 p.m.•3 views

CVE-2022-24393

9CVSS7.4AI score0.00616EPSS

OSV•added 2021/06/25 12:15 p.m.•0 views

CVE-2021-35050

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versio...

7.5CVSS5.7AI score

OSV•added 2021/06/25 12:15 p.m.•2 views

CVE-2021-35048

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception version...

9.8CVSS7.3AI score

OSV•added 2021/06/25 12:15 p.m.•1 views

CVE-2021-35049

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated...

8.8CVSS5.9AI score