2321 matches found

CNNVD
added 2024/05/14 12:0 a.m. · 4 views

IBM UrbanCode Deploy cross-site scripting vulnerability

IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model and uses remote agent technology to realize the complex application in different...

CVSS 5.4 · AI score 6 · EPSS 0.00276
Exploits 0 · References 3

Cvelist
added 2024/05/10 3:49 p.m. · 16 views

CVE-2024-28781 IBM UrbanCode Deploy cross-site scripting

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality...

CVSS 5.4 · AI score 5.3 · EPSS 0.00276
Exploits 0 · References 2

CVE
added 2024/05/10 3:49 p.m. · 74 views

CVE-2024-28781

The CVE-2024-28781 entry covers Cross‑Site Scripting in IBM UrbanCode Deploy (UCD). Affected versions are 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2.3.9, 7.3–7.3.2.4, and 8.0–8.0.0.1, where arbitrary JavaScript can be embedded in the Web UI, potentially altering functionality and exposing credentials wi...

CVSS 5.4 · AI score 6 · EPSS 0.00276
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2024/05/10 12:0 a.m. · 4 views

PT-2024-22571 · IBM · IBM UrbanCode Deploy

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.0 through 7.0.5.20; IBM UrbanCode Deploy versions 7.1 through 7.1.2.16; IBM UrbanCode Deploy versions 7.2 through 7.2.3.9; IBM UrbanCode Deploy versions 7.3 through 7.3.2.4; IBM UrbanCode Deploy versions 8.0 throug...

CVSS 5.4 · AI score 7 · EPSS 0.00276
Exploits 0 · References 3

IBM Security Bulletins
added 2024/05/09 8:5 p.m. · 23 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Cross-Site Scripting vulnerability (CVE-2024-28781)

Summary: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. Vulnerability Details: ...

CVSS 5.4 · AI score 5.3 · EPSS 0.00276
Exploits 0 · Affected Software 1

Veracode
added 2024/04/26 7:33 a.m. · 25 views

Privilege Escalation

github.com/glpi-project/glpi-agent is vulnerable to Privilege Escalation. The vulnerability is due to improper security controls in the MSI package installer that allow a local user to manipulate the GLPI server URL or disable the agent service, and in some cases, configure a malicious server to...

CVSS 7.8 · AI score 7 · EPSS 0.00224
Exploits 0 · References 2 · Affected Software 1

NVD
added 2024/04/19 3:15 p.m. · 20 views

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

CVSS 7.2 · AI score 5.7 · EPSS 0.00587
Exploits 0 · References 2

OSV
added 2024/04/19 3:15 p.m. · 3 views

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

CVSS 7.2 · AI score 5.8 · EPSS 0.00587
Exploits 0 · References 2

Cvelist
added 2024/04/19 2:17 p.m. · 26 views

CVE-2024-3470 Repository administrator can bypass organization's ruleset using deploy keys

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

CVSS 5.9 · AI score 6 · EPSS 0.00587
Exploits 0 · References 2

CVE
added 2024/04/19 2:17 p.m. · 72 views

CVE-2024-3470

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

CVSS 7.2 · AI score 6.8 · EPSS 0.00587
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/04/19 12:0 a.m. · 6 views

PT-2024-26117 · GitHub · GitHub Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.11 through 3.12. Description: An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would...

CVSS 5.9 · AI score 7.2 · EPSS 0.00587
Exploits 0 · References 5

HackerOne
added 2024/04/18 2:43 p.m. · 19 views

GitHub: View private repository NWO of deploy key via internal LFS API

The vulnerability allowed an attacker to enumerate the names of private repositories that utilized deploy keys in GitHub Enterprise Server. The vulnerability did not provide unauthorized access to any repository content besides the repository names. This vulnerability affected all versions of...

CVSS 6.3 · AI score 5.1 · EPSS 0.00492
Exploits 0

OSV
added 2024/04/17 8:15 p.m. · 3 views

CVE-2024-21989

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges...

CVSS 8.8 · AI score 5.8 · EPSS 0.00431
Exploits 0 · References 1

NVD
added 2024/04/17 8:15 p.m. · 12 views

CVE-2024-21989

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges...

CVSS 8.8 · AI score 8.1 · EPSS 0.00431
Exploits 0 · References 1

NVD
added 2024/04/17 8:15 p.m. · 24 views

CVE-2024-21990

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...

CVSS 9.8 · AI score 5.3 · EPSS 0.00317
Exploits 0 · References 1

OSV
added 2024/04/17 8:15 p.m. · 4 views

CVE-2024-21990

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...

CVSS 9.8 · AI score 5.8 · EPSS 0.00317
Exploits 0 · References 1

Vulnrichment
added 2024/04/17 7:35 p.m. · 15 views

CVE-2024-21990 Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...

CVSS 5.4 · AI score 6.6 · EPSS 0.00317
Exploits 0 · References 1

Cvelist
added 2024/04/17 7:35 p.m. · 27 views

CVE-2024-21990 Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...

CVSS 5.4 · AI score 5.6 · EPSS 0.00317
Exploits 0 · References 1

CVE
added 2024/04/17 7:32 p.m. · 63 views

CVE-2024-21989

CVE-2024-21989 affects NetApp ONTAP Select Deploy administration utility (versions 9.12.1.x, 9.13.1.x, 9.14.1.x). A read-only user can escalate privileges due to the vulnerability. Connected advisories confirm affected versions and privilege escalation risk; mitigation guidance varies—PT-Security...

CVSS 8.8 · AI score 7 · EPSS 0.00431
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/04/17 7:32 p.m. · 26 views

CVE-2024-21989 Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges...

CVSS 8.1 · AI score 8.3 · EPSS 0.00431
Exploits 0 · References 1