CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-43997
https://notcve.org/view.php?id=CVE-2022-43997
Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights. El control de acceso incorrecto en el agente de Aternity en Riverbed Aternity antes de 12.1.4.27 permite la escalada de privilegios locales. Hay un identificador insuficientemente protegido para el proceso del SYSTEM A180AG.exe con derechos PROCESS_ALL_ACCESS. • https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741 https://winternl.com/cve-2022-43997 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5062
https://notcve.org/view.php?id=CVE-2016-5062
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. Varias vulnerabilidades de XSS en el servidor web en Aternity en versiones anteriores a 9.0.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) HTTPAgent, (2) MacAgent, (3) getExternalURL o (4) RetrieveTrustedUrl página. • http://www.kb.cert.org/vuls/id/706359 http://www.securityfocus.com/bid/93208 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5061
https://notcve.org/view.php?id=CVE-2016-5061
Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page. Varias vulnerabilidades de XSS en el servidor web en Aternity en versiones anteriores a 9.0.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) HTTPAgent, (2) MacAgent, (3) getExternalURL o (4) RetrieveTrustedUrl página. • http://www.kb.cert.org/vuls/id/706359 http://www.securityfocus.com/bid/93210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •