Lucene search
K

27 matches found

CNNVD
CNNVD
added 2022/11/07 12:0 a.m.6 views

Object First 安全特征问题特征问题漏洞

Object First is a Veeam best-of-breed storage solution from Object First. A security signature issue vulnerability exists in Object First version 1.0.7.712, which stems from the use of an insecure RNG in the command that creates URLs for support packages, which could allow an attacker to access...

6.5CVSS6.5AI score0.00523EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.10 views

PT-2022-27315 · Firstobject · Object First Ootbi Beta

Name of the Vulnerable Software and Affected Versions: Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610 Description: A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG,...

6.5CVSS6.2AI score0.00523EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/11/07 12:0 a.m.8 views

CVE-2022-44796

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...

6.7AI score0.00671EPSS
Exploits0References1
CVE
CVE
added 2022/11/07 12:0 a.m.80 views

CVE-2022-44796

CVE-2022-44796 concerns Object First Ootbi BETA. Affected versions: 1.0.7.712 (and up to 1.0.13.1610 per PT-2022-27316) with an authorization flow that allows access to the Web UI without credentials. The root cause is a JWT signing key generated by a function that does not produce cryptographica...

9.8CVSS9.2AI score0.00671EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.5 views

Object First 安全特征问题特征问题漏洞

Object First is a Veeam best-of-breed storage solution from Object First. A security feature issue vulnerability exists in Object First version 1.0.7.712, which stems from JWT tokens using keys generated by functions that do not produce cryptographically strong sequences, which can be predicted b...

9.8CVSS8.3AI score0.00671EPSS
Exploits0References2
CVE
CVE
added 2022/11/07 12:0 a.m.53 views

CVE-2022-44795

CVE-2022-44795 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610 (fixed in 1.0.13.1611). The root cause is an insecure RNG used to create the URL for the support bundle, which could allow an attacker with credentials to predict the URL and access system logs, resulting in lo...

6.5CVSS6.2AI score0.00523EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/07 12:0 a.m.9 views

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

6.3AI score0.00523EPSS
Exploits0References1
Rows per page
Query Builder