44 matches found
The vulnerability in the online business analytics web interface of IBM Cognos Analytics allows a perpetrator to execute arbitrary JavaScript code and expose account information.
The vulnerability of the online business analytics web interface of IBM Cognos Analytics relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and disclose user credentials...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from the lack of protective measures for website structures, allowing attackers to gain access to user accounts.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to a user’s account...
The vulnerability of the graphical interface of the Fortinet FortiPortal security analysis and management tool allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Fortinet FortiPortal graphical interface for security analysis and management lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information by...
The vulnerability of the Swagger UI interactive console of the SAP Commerce platform allows attackers to influence the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Swagger UI interactive console of the SAP Commerce platform is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and availability of the protected...
The vulnerability of the sqlgvec_upd component in the Virtuoso-OpenSource web application development platform allows an attacker to cause a service failure.
The vulnerability of the sqlgvecupd component in the Virtuoso-OpenSource web application development platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to cause service interruptions remotely...
Siemens SIMATIC S7-1500 TM MFP
SUMMARY Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens...
The vulnerability of the Wallos financial management web application, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary code.
The vulnerability of the Wallos financial management web application is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability in the virtual learning environment Moodle, related to the lack of protective measures for website structures, allows attackers to carry out XSS attacks.
The vulnerability in the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the web interface of the IBM QRadar SIEM system allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the IBM QRadar SIEM web interface relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain unauthorized access to protected information...
Siemens SIPROTEC 5
SUMMARY Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released...
Siemens Siveillance Video Camera
SUMMARY Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions. Siemens has released an update...
CISA: Chemical Sector 101
Siemens Teamcenter Visualization
SUMMARY Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...
The vulnerability of the software for managing software product licenses in HPE AutoPass License Server lies in the lack of protective measures for the SQL query structure, allowing attackers to access confidential information.
The vulnerability of the software for managing HPE AutoPass License Server products is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker to access confidential information...
The vulnerability of the monitoring tool for VMware Aria Operations, related to the lack of protective measures for the website structure, allows attackers to execute cross-site scripting attacks (XSS).
The vulnerability of the monitoring tool for VMware Aria Operations is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...
The vulnerability of the Manager component in the Wowza Streaming Engine server software allows a hacker to execute XSS attacks.
The vulnerability of the Manager component in the Wowza Streaming Engine server software is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the Azure DevOps Server software lies in the lack of protective measures for the website structure, allowing attackers to perform spear-phishing attacks.
The vulnerability of the Azure DevOps Server development tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow attackers to perform spear-phishing attacks remotely...
The vulnerability of the PRO32 Connect web application lies in the lack of protective measures for the web page structure, allowing attackers to execute arbitrary code.
The vulnerability of the PRO32 Connect web application is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of protective measures for SQL query structures, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the...