19 matches found
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform designed...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details: CVEID: CVE-2021-28170. DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...
CVE-2023-48641
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...
CVE-2023-45357
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release...
Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. Aruba ClearPass Policy Manager versions 6.10.4 and earlier, 6.9.9 and earlier, and 6.8.9-HF2 and earlier are vulnerable to remote authentication bypass...
Command injection
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
CVE-2022-23665
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
CVE-2022-23658
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
Command injection
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
Command injection
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
PT-2022-16166 · Aruba · Aruba Clearpass Policy Manager
Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.4 and below; Aruba ClearPass Policy Manager versions 6.9.9 and below; Aruba ClearPass Policy Manager versions 6.8.9-HF2 and below; Aruba ClearPass Policy Manager versions 6.7.x and below. Description: ...
CVE-2021-35211
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U...
CVE-2021-35211
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U...
CVE-2021-35211
CVE-2021-35211 affects SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows prior to 15.2.3 HF2. The connected PoC exploit documents an out-of-bounds write path leading to remote code execution, with targets around Serv-U version 15.2.3 (examples cite 15.2.3.717). Exploitatio...
SolarWinds Orion Platform < 2019.4 HF6 / 2020.2 < 2020.2.1 HF2 Authentication Bypass (SUPERNOVA)
The version of SolarWinds Orion Platform running on the remote host is prior to 2019.4 HF6 or 2020.2 prior to 2020.2.1 HF2. It is, therefore, affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this, via a specially crafted web request, to bypass...
CVE-2017-7425
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2...
CVE-2017-7425
CVE-2017-7425 corresponds to a cross-site scripting (XSS) vulnerability in NetIQ iManager Web UI. The connected CNVD entry confirms that versions prior to 2.7.7 Patch 10 HF2 and prior to 3.0.3.2 are affected, with a remote attacker able to execute arbitrary JavaScript in the context of the affect...
Symantec Ghost Solutions Suite Denial of Service Vulnerability - Windows
Symantec Ghost Solutions Suite is prone to a denial of service (DoS) vulnerability...
CVE-2016-1599
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...