4 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2022-22965
CVE-2022-22965 (Spring4Shell) affects Spring Framework’s Spring MVC and Spring WebFlux when data binding is enabled in apps running on JDK 9+, with exploitation requiring Tomcat as WAR deployment. The issue is not exploited in Spring Boot executable jars. Vulnerable configurations are associated ...
CVE-2023-20043
The CVE-2023-20043 entry concerns Cisco CX Cloud Agent. Affected component: Cisco CX Cloud Agent. Root cause: insecure file permissions allowing a locally authenticated attacker to elevate privileges by executing a script with sudo, potentially gaining full control of the device. Documented impac...
CVE-2023-20044
Cisco CX Cloud Agent contains a privilege-escalation vulnerability caused by insecure file permissions. An authenticated, local attacker could exploit settings persuaded by support to call insecure scripts, potentially taking full control of the affected device. Cisco has issued advisories and so...