6 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks. • https://www.dell.com/support/kbdoc/en-us/000204266/dsa-2022-258-dell-streaming-data-platform-security-update-for-multiple-third-party-component-vulnerabilities • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. Dell EMC Streaming Data Platform versiones anteriores a 1.3, contienen una Vulnerabilidad de Expiración de Sesión Insuficiente. Un atacante remoto no autenticado puede explotar potencialmente esta vulnerabilidad para reusar artefactos de sesión antiguos para hacerse pasar por un usuario legítimo • https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities • CWE-613: Insufficient Session Expiration •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. Dell EMC Streaming Data Platform versiones anteriores a 1.3, contienen una Vulnerabilidad de Referencia Indirecta a Objetos. Un usuario malicioso remoto podría explotar esta vulnerabilidad para conseguir información confidencial • https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. Dell EMC Streaming Data Platform versiones anteriores a 1.3, contienen una vulnerabilidad de inyección SQL. Un usuario malicioso remoto puede explotar potencialmente esta vulnerabilidad para ejecutar comandos SQL para llevar a cabo acciones no autorizadas y recuperar información confidencial de la base de datos • https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-598: Use of GET Request Method With Sensitive Query Strings •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. Dell EMC Streaming Data Platform versiones anteriores a 1.3, contienen una Vulnerabilidad de tipo Server Side Request Forgery. Un atacante remoto no autenticado puede explotar potencialmente esta vulnerabilidad para llevar a cabo un escaneo de puertos de redes internas y realizar peticiones HTTP a un dominio arbitrario de la elección del atacante • https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities • CWE-918: Server-Side Request Forgery (SSRF) •