Lucene search
+L

93 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.9 views

CVE-2024-28990

SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative ZDI for its ongoing partnership in coordinating...

8.8CVSS7.3AI score0.00474EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.5 views

Allegra 信任管理问题漏洞

Allegra is a project management software for mid-sized organizations from Allegra. A trust management issue vulnerability exists in Allegra that stems from the inclusion of a hard-coded credential that leads to an authentication bypass vulnerability...

9.8CVSS9.5AI score0.01323EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.3 views

Tenda G3 安全漏洞

Tenda G3 is a QosVpn router from Tenda China. The Tenda G3 suffers from a hard-coded credential vulnerability that can be exploited by an attacker to log in as root and obtain sensitive information...

8CVSS6.9AI score0.00361EPSS
Exploits1References2
OSV
OSV
added 2024/09/30 7:15 a.m.6 views

CVE-2024-8449

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...

6.8CVSS5.8AI score0.00267EPSS
Exploits0References2
NVD
NVD
added 2024/09/30 7:15 a.m.26 views

CVE-2024-8449

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...

6.8CVSS0.00267EPSS
Exploits0References2
OSV
OSV
added 2024/09/30 7:15 a.m.5 views

CVE-2024-8448

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...

8.8CVSS5.8AI score0.00485EPSS
Exploits0References2
CVE
CVE
added 2024/09/30 6:45 a.m.59 views

CVE-2024-8449

CVE-2024-8449 affects PLANET Technology switch models, where the password recovery function contains a hard-coded credential. An unauthenticated attacker with physical access can use the serial console to reset any user’s password. The CVE entry notes hard-coded credential as the root cause and h...

6.8CVSS6.7AI score0.00267EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.6 views

PT-2024-39019 · Planet Technology · Planet Technology Switch

Name of the Vulnerable Software and Affected Versions: PLANET Technology switches affected versions not specified Description: The issue concerns a hard-coded credential in the password recovering functionality of certain switch models from PLANET Technology. This allows an unauthenticated attack...

6.8CVSS7.2AI score0.00267EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/29 12:0 a.m.7 views

PT-2024-39018 · Planet Technology · Planet Technology Switch

Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns a hard-coded credential in the command-line interface of certain switch models from PLANET Technology. This allows remote attackers with regular...

8.8CVSS7.1AI score0.00485EPSS
Exploits0References13
OSV
OSV
added 2024/09/19 4:15 p.m.6 views

CVE-2024-45861

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...

7.5CVSS5.8AI score0.0037EPSS
Exploits0References1
NVD
NVD
added 2024/09/19 4:15 p.m.49 views

CVE-2024-45861

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...

9.2CVSS0.0037EPSS
Exploits0References1
CVE
CVE
added 2024/09/19 3:51 p.m.77 views

CVE-2024-45861

The CVE-2024-45861 vulnerability affects Kastle Systems Access Control System firmware prior to May 1, 2024. The issue is use of hard-coded credentials in the firmware (CVE-2024-45861) which, if accessed, could allow an attacker to obtain sensitive information. The CISA ICS advisory confirms remo...

9.2CVSS7.4AI score0.0037EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.11 views

PT-2024-31817 · Kastle Systems · Kastle Systems Firmware

Name of the Vulnerable Software and Affected Versions: Kastle Systems firmware prior to May 1, 2024 Description: The issue concerns a hard-coded credential in the firmware, which, if accessed, may allow an attacker to access sensitive information. Recommendations: For Kastle Systems firmware prio...

9.2CVSS6.6AI score0.0037EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/09/18 12:0 a.m.16 views

SolarWinds ARM 2024.3.1 Multiple Vulnerabilities (2024-3-1)

The version of SolarWinds ARM installed on the remote host is prior to 2024.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-3-1 advisory. - SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. ...

9CVSS7.5AI score0.03085EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/09/17 4:34 a.m.29 views

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager ARM software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It...

9.8CVSS8.6AI score0.03085EPSS
Exploits0
NVD
NVD
added 2024/09/12 2:16 p.m.24 views

CVE-2024-28990

SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative ZDI for its ongoing partnership in coordinating...

8.8CVSS0.00474EPSS
Exploits0References2
OSV
OSV
added 2024/09/12 2:16 p.m.3 views

CVE-2024-28990

SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative ZDI for its ongoing partnership in coordinating...

8.8CVSS5.8AI score0.00474EPSS
Exploits0References2
CVE
CVE
added 2024/09/12 1:16 p.m.64 views

CVE-2024-28990

SolarWinds ARM contains a hard-coded credential authentication bypass (CVE-2024-28990) that could allow access to the RabbitMQ management console. The vulnerability affects ARM versions prior to 2024.3.1, and remediation is available in ARM 2024.3.1 (as referenced by multiple sources). No exploit...

8.8CVSS8.2AI score0.00474EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/07/01 12:6 p.m.37 views

CVE-2024-4007 Hard coded default credential contained in install package

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured...

8.8CVSS0.01511EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.6 views

PT-2024-6218 · Solarwinds · Solarwinds Access Rights Manager

Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager affected versions not specified Description: The issue is related to a hard-coded credential authentication bypass vulnerability in SolarWinds Access Rights Manager ARM. If exploited, this vulnerability would...

9.8CVSS7.2AI score0.00474EPSS
Exploits0References19
Rows per page
Query Builder