

The vulnerability could be exploited to allow remote code execution. A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The following PoC demonstrates the vulnerability: A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The injection point is located in line 15 in index.js. This affects the package connection-tester before 0.2.1. Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, leads to privilege escalation attacks. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. Successful attacks of this vulnerability can result in takeover of Oracle Solaris.

While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Supported versions that are affected are 10 and 11. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module).
