Lucene search
K

269 matches found

EUVD
EUVD
added 2024/07/10 6:38 p.m.5 views

EUVD-2024-36465

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...

4.3CVSS4.5AI score0.00685EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2024/07/10 12:0 a.m.14 views

CVE-2024-37147

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...

4.3CVSS5.9AI score0.00685EPSS
Exploits1References2
NVD
NVD
added 2024/03/18 5:15 p.m.25 views

CVE-2024-27098

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...

9.6CVSS6.6AI score0.3572EPSS
Exploits0References3
NVD
NVD
added 2024/03/18 5:15 p.m.32 views

CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

4.8CVSS4.8AI score0.00665EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/03/18 5:15 p.m.26 views

CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

6.1CVSS5.8AI score0.00815EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/03/18 5:15 p.m.39 views

CVE-2024-27096

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...

7.7CVSS5.8AI score0.58818EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/03/18 5:15 p.m.25 views

CVE-2024-27098

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...

9.6CVSS5.8AI score0.3572EPSS
Exploits0References4
CVE
CVE
added 2024/03/18 4:19 p.m.90 views

CVE-2024-27914

CVE-2024-27914 affects GLPI (Asset and IT Management Software). The vulnerability is a reflected XSS that can be triggered when an unauthenticated user entices a GLPI administrator with a malicious link and the administrator navigates through the debug bar. The issue is explicitly described as en...

6.1CVSS5.4AI score0.00815EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/18 4:19 p.m.31 views

CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

5.3CVSS5.8AI score0.00815EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/18 4:16 p.m.25 views

CVE-2024-27104 Stored XSS in dashboards in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

4.5CVSS5.9AI score0.00665EPSS
Exploits0References3
NVD
NVD
added 2024/03/18 4:15 p.m.27 views

CVE-2024-27937

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13...

6.5CVSS6.6AI score0.26937EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2024/03/18 4:15 p.m.26 views

CVE-2024-27937

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13...

6.5CVSS5.7AI score0.26937EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2024/03/18 4:15 p.m.30 views

CVE-2024-27930

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13...

6.5CVSS5.8AI score0.01139EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/03/18 4:14 p.m.26 views

CVE-2024-27098 Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...

6.4CVSS6.9AI score0.3572EPSS
Exploits0References3
CVE
CVE
added 2024/03/18 4:14 p.m.77 views

CVE-2024-27098

CVE-2024-27098 concerns GLPI, a Free Asset and IT Management Software. An authenticated user can perform a server-side request forgery (SSRF) via Arbitrary Object Instantiation. The issue affects GLPI prior to the patched version and is mitigated by upgrading to version 10.0.13 or newer. The conn...

9.6CVSS6.5AI score0.3572EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/18 4:11 p.m.27 views

CVE-2024-27096 SQL Injection in through the search engine

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...

7.7CVSS7.6AI score0.58818EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/18 4:11 p.m.25 views

CVE-2024-27096 SQL Injection in through the search engine

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...

7.7CVSS7.5AI score0.58818EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/18 3:29 p.m.17 views

CVE-2024-27930 Sensitive fields access through dropdowns in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13...

6.5CVSS6.5AI score0.01139EPSS
Exploits1References4
CVE
CVE
added 2024/03/18 3:17 p.m.110 views

CVE-2024-27937

GLPI (Asset/IT Management software) is affected by CVE-2024-27937 where an authenticated user can obtain the email addresses of all GLPI users. Root cause details across connected docs include: a patch exists in GLPI 10.0.13 (NVD/Red Hat/OSV notes), while another advisory notes that versions prio...

6.5CVSS6.5AI score0.26937EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.6 views

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the use of a field in the ITIL form for submitting requests, which allows an attacker to obtain the administrator’s account information.

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment lies in the use of a input field for ITIL entities in the request form. Exploiting this vulnerability could allow a malicious actor to gain access to the administrator’s account by sending a...

10CVSS7.8AI score0.00899EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder