124 matches found
CVE-2021-20700
CVE-2021-20700 affects NEC’s CLUSTERPRO X and EXPRESSCLUSTER X (Windows) up to 4.3 and related SingleServerSafe variants. The vulnerability is a Buffer overflow in the Disk Agent (CWE-119) that can allow remote code execution over the network. Affected components include Disk Agent, Transaction S...
JVN#69304877: Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X
CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700、CVE-2021-20701 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...
NEC Corporation CLUSTERPRO缓冲区错误漏洞
NEC Corporation CLUSTERPRO is an HA clustering software from NEC. A buffer error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0 that originates from a boundary error in the software transaction server. A remote attacker could exploit the...
NEC Corporation CLUSTERPRO缓冲区错误漏洞
NEC Corporation CLUSTERPRO is an HA clustering software from NEC. A buffer error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0 that originates from a boundary error in the software transaction server. A remote attacker could exploit the...
NEC Corporation CLUSTERPRO 输入验证错误漏洞
NEC Corporation CLUSTERPRO is an HA clustering software from NEC. An input validation error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0, which originates due to insufficient validation of user-supplied input by the software in the transaction...
NEC Corporation CLUSTERPRO 输入验证错误漏洞
NEC Corporation CLUSTERPRO is a HA clustering software from NEC. An input validation error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0, which stems from insufficient validation of user-supplied input in the software's WebManager. A remote...
NEC Corporation CLUSTERPRO 输入验证错误漏洞
NEC Corporation CLUSTERPRO is a HA clustering software from NEC. An input validation error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0, which stems from insufficient validation of user-supplied input in the software's WebManager. A remote...
NEC Corporation CLUSTERPRO 缓冲区错误漏洞
NEC Corporation CLUSTERPRO is an HA clustering software from NEC. A buffer error vulnerability exists in NEC Corporation CLUSTERPRO X version 1.0 and EXPRESSCLUSTER X version 1.0 that originates from a boundary error in the software transaction server. A remote attacker could exploit the...
NEC Corporation CLUSTERPRO 和 EXPRESSCLUSTER 缓冲区错误漏洞
Nec Expresscluster X is a specialized high availability cluster software from Nec Corporation of Japan. It is used to initiate a fast restore function and continuously protect critical applications and data.NEC Corporation CLUSTERPRO is a HA cluster software from NEC. A buffer error vulnerability...
Architecture Guideline for NEC EXPRESSCLUSTER X
Challenge When using NEC EXPRESSCLUSTER X NEC CLUSTERPRO X in Japan Market with Veeam Agent for Microsoft Windows or Veeam Backup & Replication, there are specific configuration requirements to ensure successful backup and restores. Solution Please refer to the Software Integration Guide on the N...
CVE-2020-17408
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External...
CVE-2020-17408
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External...
Xxe
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External...
CVE-2020-17408
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External...
CVE-2020-17408
The connected sources confirm a XXE vulnerability in NEC ExpressCluster (clpwebmc) affecting NEC CLUSTERPRO X/EXPRESSCLUSTER X 4.1/4.2. Root cause: improper restriction of XML External Entity references allows remote attackers to disclose sensitive information via specially crafted XML, in the co...
NEC ExpressCluster ApplyConfig XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Enti...
CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE)
Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain an XML external entity injection XXE vulnerability CWE-611. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Informatio...
NEC EXPRESSCLUSTER X-1 on Linux Solaris Directory Traversal Vulnerability
NEC EXPRESSCLUSTER X on Windows, Linux, and Solaris is a suite of clustering software dual hot standby software from Nippon Electric Company NEC for Windows, Linux, and Solaris platforms. The software provides features such as shared disk arrays, automatic error detection and notification, and...
CVE-2016-1145
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2016-1145
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors...