Oncommand Insight Security Vulnerabilities and Issues — Page 18 of Oncommand Insight CVE List

Lucene search

NetappOncommand Insight

969 matches found

CVE•added 2022/07/19 10:15 p.m.•116 views

CVE-2022-21525

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00152EPSS

CVE•added 2022/07/19 10:15 p.m.•116 views

CVE-2022-21547

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00102EPSS

CVE•added 2018/07/18 1:29 p.m.•115 views

CVE-2018-3071

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attack...

4.9CVSS4.8AI score0.00439EPSS

CVE•added 2022/07/19 10:15 p.m.•115 views

CVE-2022-21527

5.5CVSS5.4AI score0.00154EPSS

CVE•added 2022/07/19 10:15 p.m.•115 views

CVE-2022-21529

4.9CVSS4.9AI score0.00113EPSS

CVE•added 2022/04/19 9:15 p.m.•113 views

CVE-2022-21437

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.0013EPSS

CVE•added 2022/07/19 10:15 p.m.•112 views

CVE-2022-21526

4.9CVSS4.9AI score0.00152EPSS

CVE•added 2023/07/18 9:15 p.m.•112 views

CVE-2023-22046

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS5.2AI score0.00081EPSS

CVE•added 2022/07/19 10:15 p.m.•111 views

CVE-2022-21556

6.5CVSS6.3AI score0.00106EPSS

CVE•added 2022/07/19 10:15 p.m.•111 views

CVE-2022-21569

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.2AI score0.00181EPSS

CVE•added 2018/04/19 2:29 a.m.•110 views

CVE-2018-2846

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. ...

4.9CVSS5AI score0.00439EPSS

CVE•added 2022/07/19 10:15 p.m.•110 views

CVE-2022-21530

4.9CVSS4.9AI score0.00113EPSS

CVE•added 2021/02/19 9:15 a.m.•109 views

CVE-2021-26296

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacke...

7.5CVSS7.6AI score0.00321EPSS

CVE•added 2023/07/18 9:15 p.m.•109 views

CVE-2023-22008

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS5.2AI score0.00081EPSS

CVE•added 2023/07/18 9:15 p.m.•109 views

CVE-2023-22056

4.9CVSS5.2AI score0.0027EPSS

CVE•added 2019/10/16 6:15 p.m.•108 views

CVE-2019-2922

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to comprom...

5.3CVSS4.3AI score0.03278EPSS

CVE•added 2018/04/19 2:29 a.m.•107 views

CVE-2018-2777

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS5AI score0.00142EPSS

CVE•added 2018/07/18 1:29 p.m.•107 views

CVE-2018-3061

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.9CVSS4.8AI score0.00439EPSS

CVE•added 2023/07/18 9:15 p.m.•107 views

CVE-2023-22054

4.9CVSS5.2AI score0.0008EPSS

CVE•added 2018/04/19 2:29 a.m.•102 views

CVE-2018-2759

4.9CVSS5AI score0.00142EPSS

CVE•added 2018/04/19 2:29 a.m.•102 views

CVE-2018-2839

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.9CVSS5AI score0.00439EPSS

CVE•added 2020/06/15 10:15 p.m.•101 views

CVE-2020-4051

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16...

5.4CVSS4.7AI score0.00164EPSS

CVE•added 2017/10/19 5:29 p.m.•99 views

CVE-2017-10365

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

5.5CVSS3.3AI score0.00313EPSS

CVE•added 2019/10/16 6:15 p.m.•97 views

CVE-2019-2910

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr...

4.3CVSS3.3AI score0.00423EPSS

CVE•added 2021/10/20 11:17 a.m.•97 views

CVE-2021-35639

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Success...

6.8CVSS4.9AI score0.00143EPSS

CVE•added 2024/02/26 4:27 p.m.•96 views

CVE-2023-32344

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.

4.3CVSS4.5AI score0.00033EPSS

CVE•added 2019/08/09 6:15 p.m.•94 views

CVE-2019-5498

OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user.

6.5CVSS6.2AI score0.00328EPSS

CVE•added 2018/04/19 2:29 a.m.•93 views

CVE-2018-2812

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

5.5CVSS5.3AI score0.00464EPSS

CVE•added 2017/10/19 5:29 p.m.•91 views

CVE-2017-10286

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4.4CVSS4.3AI score0.0025EPSS

CVE•added 2022/04/19 9:15 p.m.•91 views

CVE-2022-21490

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.6AI score0.27796EPSS

CVE•added 2024/02/26 4:27 p.m.•91 views

CVE-2023-30996

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.

5.3CVSS5AI score0.00073EPSS

CVE•added 2018/04/19 2:29 a.m.•90 views

CVE-2018-2816

4.9CVSS5AI score0.00439EPSS

CVE•added 2023/10/17 10:15 p.m.•90 views

CVE-2023-22095

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

6.5CVSS6.2AI score0.00125EPSS

CVE•added 2024/02/26 4:27 p.m.•90 views

CVE-2023-43051

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 26...

5.4CVSS5.2AI score0.00224EPSS

CVE•added 2022/07/19 10:15 p.m.•88 views

CVE-2022-21550

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior and and 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the phy...

6.3CVSS5.7AI score0.38318EPSS

CVE•added 2021/03/19 9:15 p.m.•87 views

CVE-2021-21267

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...

7.5CVSS7.5AI score0.00866EPSS

CVE•added 2024/02/26 4:27 p.m.•87 views

CVE-2023-38359

6.1CVSS5.8AI score0.00087EPSS

CVE•added 2022/04/22 5:15 p.m.•86 views

CVE-2021-20464

IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.

6.5CVSS6.7AI score0.00326EPSS

CVE•added 2019/09/17 7:15 p.m.•85 views

CVE-2019-4183

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

7.8CVSS7.6AI score0.01142EPSS

CVE•added 2019/10/16 6:15 p.m.•83 views

CVE-2019-2923

5.3CVSS4.3AI score0.01795EPSS

CVE•added 2022/04/22 5:15 p.m.•83 views

CVE-2021-29824

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.

4.3CVSS5.3AI score0.00224EPSS

CVE•added 2022/04/22 5:15 p.m.•82 views

CVE-2021-38886

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.

8.8CVSS8.7AI score0.0018EPSS

CVE•added 2022/07/19 10:15 p.m.•81 views

CVE-2022-21519

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful ...

5.9CVSS5.3AI score0.00303EPSS

CVE•added 2017/10/19 5:29 p.m.•80 views

CVE-2017-10320

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS4.7AI score0.00297EPSS

CVE•added 2020/04/15 2:15 p.m.•79 views

CVE-2020-2790

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.2AI score0.00471EPSS

CVE•added 2021/12/09 5:15 p.m.•78 views

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.

8.7CVSS8AI score0.00257EPSS

CVE•added 2022/04/22 5:15 p.m.•78 views

CVE-2021-38903

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the sec...

5.4CVSS6.2AI score0.00145EPSS

CVE•added 2021/10/20 11:16 a.m.•77 views

CVE-2021-35583

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

7.5CVSS6.9AI score0.01522EPSS

CVE•added 2022/04/22 5:15 p.m.•77 views

CVE-2021-38946

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 21...

5.4CVSS5.6AI score0.00686EPSS

CVE•added 2019/09/17 7:15 p.m.•76 views

CVE-2019-4342

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.

5.4CVSS5.6AI score0.00229EPSS

Total number of security vulnerabilities969