20 matches found
EUVD-2020-17787
Malware in sbrugna...
EUVD-2020-17788
Malware in sbrugna...
CVE-2020-25095
LogRhythm Platform Manager PM 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking CSWH. If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...
CVE-2020-25094
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...
CVE-2020-25096
LogRhythm Platform Manager PM 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...
Logrhythm Platform Manager Access Control Error Vulnerability
Logrhythm Platform Manager is a component of the Logrhythm application from Logrhythm USA. The component is responsible for centralized management of alerts, notifications and case and security event management. Supports real-time dashboards, SmartResponse operations and reports. An Access Contro...
CVE-2020-25095
LogRhythm Platform Manager PM 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking CSWH. If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...
CVE-2020-25094
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...
CVE-2020-25096
LogRhythm Platform Manager PM 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...
CVE-2020-25094
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...
Design/Logic Flaw
LogRhythm Platform Manager PM 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...
CVE-2020-25094
CVE-2020-25094 affects LogRhythm Platform Manager 7.4.9. Affected component: WebSocket handling that forwards commands to a LogRhythm Smart Response agent. Root cause: command injection via WebSocket, enabling arbitrary program names/arguments execution with LocalSystem privileges on remote hosts...
CVE-2020-25094
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...
CVE-2020-25096
LogRhythm Platform Manager PM 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...
Logrhythm Platform Manager Injection Vulnerability
Logrhythm Platform Manager is a component of the Logrhythm application from Logrhythm USA. The component is responsible for centralized management of alerts, notifications and case and security event management. Supports real-time dashboards, SmartResponse actions and reports. An injection...
Logrhythm Platform Manager 安全漏洞
Logrhythm Platform Manager is a component of the Logrhythm application from Logrhythm USA. The component is responsible for centralized management of alerts, notifications and case and security event management. Supports real-time dashboards, SmartResponse operations and reports. An Access Contro...
LogRhythm Platform Manager (PM) Cross-Site Request Forgery Vulnerability
Logrhythm Platform Manager is a component of the Logrhythm application from Logrhythm USA. The component is responsible for centralized management of alerts, notifications and case and security event management. Supports real-time dashboards, SmartResponse operations and reports. LogRhythm Platfo...
CVE-2019-4521
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179...
IBM Cloud Pak System Platform System Manager Information Disclosure Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in Platform System Manager in I...
Cisco Nexus 9000 Series Platform Manager Service DoS
The remote Cisco Nexus device is affected by a denial of service vulnerability in the Platform Manager service, part of the SNMP subsystem, when the High Availability HA policy is configured to Reset. A remote, authenticated attacker can exploit this to trigger a device reload. TRUSTED...