CVE-2021-20700

CVE-2021-20700 affects NEC’s CLUSTERPRO X and EXPRESSCLUSTER X (Windows) up to 4.3 and related SingleServerSafe variants. The vulnerability is a Buffer overflow in the Disk Agent (CWE-119) that can allow remote code execution over the network. Affected components include Disk Agent, Transaction S...

JVN#69304877: Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X

CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700、CVE-2021-20701 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

NEC Corporation CLUSTERPRO 和 EXPRESSCLUSTER 缓冲区错误漏洞

Nec Expresscluster X is a specialized high availability cluster software from Nec Corporation of Japan. It is used to initiate a fast restore function and continuously protect critical applications and data.NEC Corporation CLUSTERPRO is a HA cluster software from NEC. A buffer error vulnerability...

NEC Corporation CLUSTERPRO 输入验证错误漏洞

NEC Corporation CLUSTERPRO is a HA clustering software from NEC. An input validation error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0, which stems from insufficient validation of user-supplied input in the software's WebManager. A remote...

NEC Corporation CLUSTERPRO 输入验证错误漏洞

NEC Corporation CLUSTERPRO is a HA clustering software from NEC. An input validation error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0, which stems from insufficient validation of user-supplied input in the software's WebManager. A remote...

NEC Corporation CLUSTERPRO缓冲区错误漏洞

NEC Corporation CLUSTERPRO is an HA clustering software from NEC. A buffer error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0 that originates from a boundary error in the software transaction server. A remote attacker could exploit the...

Architecture Guideline for NEC EXPRESSCLUSTER X

Challenge When using NEC EXPRESSCLUSTER X NEC CLUSTERPRO X in Japan Market with Veeam Agent for Microsoft Windows or Veeam Backup & Replication, there are specific configuration requirements to ensure successful backup and restores. Solution Please refer to the Software Integration Guide on the N...

CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE)

Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain an XML external entity injection XXE vulnerability CWE-611. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Informatio...

NEC EXPRESSCLUSTER X-1 on Linux Solaris Directory Traversal Vulnerability

NEC EXPRESSCLUSTER X on Windows, Linux, and Solaris is a suite of clustering software dual hot standby software from Nippon Electric Company NEC for Windows, Linux, and Solaris platforms. The software provides features such as shared disk arrays, automatic error detection and notification, and...

CVE-2016-1145

Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors...

CVE-2016-1145

Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors...

CVE-2016-1145

The CVE-2016-1145 entry describes a directory traversal flaw in NEC EXPRESSCLUSTER X WebManager. Affected: EXPRESSCLUSTER X 3.3 for Windows (build 11.31) and WebManager 3.3 3.3.1-1 for Linux/Solaris. Impact: remote attacker can read arbitrary server files via unspecified vectors. Root cause: dire...

EXPRESSCLUSTER X vulnerable to directory traversal

Overview EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

JVN#03050861: EXPRESSCLUSTER X vulnerable to directory traversal

EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Impact Arbitrary files on the server may be viewed by an attacker who can access to the WebManager. Solution Updat...