Lucene search
+L

334 matches found

cvelist
cvelist
added 2022/10/19 12:0 a.m.41 views

CVE-2022-43428

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.5AI score0.00647EPSS
Exploits0References2
cvelist
cvelist
added 2022/10/19 12:0 a.m.37 views

CVE-2022-43423

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

5.6AI score0.00579EPSS
Exploits0References2
cvelist
cvelist
added 2022/10/19 12:0 a.m.39 views

CVE-2022-43422

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.5AI score0.00666EPSS
Exploits0References2
cvelist
cvelist
added 2022/10/19 12:0 a.m.47 views

CVE-2022-43424

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.6AI score0.00647EPSS
Exploits0References2
cve
cve
added 2022/10/19 12:0 a.m.87 views

CVE-2022-43422

CVE-2022-43422 affects Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier. The root cause is an agent/controller message that is not limited to where it can be executed, allowing attackers who can control agent processes to obtain Java system properties from the Jenkins controller process...

5.3CVSS5.1AI score0.00666EPSS
Exploits0References2Affected Software1
cve
cve
added 2022/10/19 12:0 a.m.93 views

CVE-2022-43423

CVE-2022-43423 concerns the Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin (versions

5.3CVSS5.3AI score0.00579EPSS
Exploits0References2Affected Software1
cve
cve
added 2022/10/19 12:0 a.m.98 views

CVE-2022-43428

CVE-2022-43428 affects Jenkins Compuware Topaz for Total Test Plugin, v2.4.8 and earlier. Affected plugin uses an agent/controller message that can run without restricting execution location, allowing an attacker who controls agent processes to read Java system properties from the Jenkins control...

5.3CVSS5.2AI score0.00647EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2022/08/16 5:0 p.m.8 views

CVE-2022-38194 Portal for ArcGIS system properties are not properly encrypted (10.8.1 only)

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file...

6.7CVSS6.3AI score0.00126EPSS
Exploits0References1
github
github
added 2022/07/28 12:0 a.m.21 views

Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure

Jenkins Compuware zAdviser API Plugin defines a controller/agent message that retrieves Java system properties. Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to retrieve...

8.2CVSS7.9AI score0.00832EPSS
Exploits0References5Affected Software1
osv
osv
added 2022/07/28 12:0 a.m.52 views

GHSA-5XP2-7QFC-FWGC Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure

Jenkins Compuware zAdviser API Plugin defines a controller/agent message that retrieves Java system properties. Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to retrieve...

4.3CVSS8.2AI score0.00832EPSS
Exploits0References4
osv
osv
added 2022/07/27 3:15 p.m.3 views

CVE-2022-36900

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

8.2CVSS5.9AI score0.00832EPSS
Exploits0References2
nvd
nvd
added 2022/07/27 3:15 p.m.28 views

CVE-2022-36900

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

8.2CVSS0.00832EPSS
Exploits0References2
nvd
nvd
added 2022/07/27 3:15 p.m.39 views

CVE-2022-36899

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

8.2CVSS0.0085EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/07/27 3:15 p.m.11 views

CVE-2022-36900

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

8.2CVSS6AI score0.00832EPSS
Exploits0References3
attackerkb
attackerkb
added 2022/07/27 3:15 p.m.6 views

CVE-2022-36899

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

8.2CVSS6AI score0.0085EPSS
Exploits0References3
osv
osv
added 2022/07/27 3:15 p.m.18 views

CVE-2022-36899

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

8.2CVSS8.2AI score
Exploits0References2
prion
prion
added 2022/07/27 3:15 p.m.19 views

Code injection

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

6.4CVSS8.1AI score0.00832EPSS
Exploits0References2Affected Software1
prion
prion
added 2022/07/27 3:15 p.m.21 views

Code injection

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

6.4CVSS8.1AI score0.0085EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/07/27 2:24 p.m.32 views

CVE-2022-36900

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

8.4AI score0.00832EPSS
Exploits0References2
cve
cve
added 2022/07/27 2:24 p.m.431 views

CVE-2022-36900

CVE-2022-36900 affects Jenkins Compuware zAdviser API Plugin versions 1.0.3 and earlier. The root cause is that the plugin’s controller/agent message is not restricted to agents, enabling an attacker who can control agent processes to retrieve Java system properties. This has been described in mu...

8.2CVSS8.1AI score0.00832EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder