CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17457
https://notcve.org/view.php?id=CVE-2020-17457
Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages. Fujitsu ServerView Suite iRMC versiones anteriores a 9.62F, permite un ataque de tipo XSS. Un atacante autenticado puede almacenar una carga útil XSS en el campo PSCU_FILE_INIT de un documento XML de Save Configuration. • https://support.ts.fujitsu.com/IndexDownload.asp?Softwareguid=C67A44AE-B022-4150-8621-C4393C007ED9 https://www.gruppotim.it/redteam • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 574EXPL: 0CVE-2019-13163
https://notcve.org/view.php?id=CVE-2019-13163
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. La biblioteca Fujitsu TLS permite un ataque de tipo man-in-the-middle. Esto afecta a Interstage Application Development Cycle Manager versión V10 y otras versiones, Interstage Application Server versión V12 y otras versiones, Interstage Business Application Manager versión V2 y otras versiones, Interstage Information Integrator versión V11 y otras versiones, Interstage Job Workload Server versión V8, Interstage List Works versión V10 y otras versiones , Interstage Studio versión V12 y otras versiones, Interstage Web Server Express versión V11, Linkexpress versión V5, Safeauthor versión V3, ServerView Resource Orchestrator versión V3, Systemwalker Cloud Business Service Management versión V1, Systemwalker Desktop Keeper versión V15, Systemwalker Desktop Patrol versión V15, Systemwalker IT Change Manager versión V14, Systemwalker Operation Manager versión V16 y otras versiones, Systemwalker Runbook Automation versión V15 y otras versiones, Systemwalker Security Control versión V1 y Systemwalker Software Configuration Manager versión V15. • https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3898
https://notcve.org/view.php?id=CVE-2014-3898
Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Fujitsu ServerView Operations Manager 5.00.09 hasta 6.30.05 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html http://jp.fujitsu.com/platform/server/primergy/note/page20.html http://jvn.jp/en/jp/JVN22534185/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000091 http://secunia.com/advisories/59210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2008-3126
https://notcve.org/view.php?id=CVE-2008-3126
Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL. Múltiples desbordamientos de búfer basados en pila del interfaz web ServerView (SnmpGetMibValues.exe) en Fujitsu Siemens Computers ServerView 04.60.07 y anteriores permiten a usuarios remotos autenticados ejecutar código arbitrariamente a través de una URL manipulada. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063043.html http://secunia.com/advisories/30913 http://www.securityfocus.com/bid/30081 http://www.vupen.com/english/advisories/2008/2007/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43611 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 33EXPL: 3CVE-2007-3011 – Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution
https://notcve.org/view.php?id=CVE-2007-3011
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter. La secuencia de comandos CGI DBAsciiAccess en el interfaz Web de Fujitsu-Siemens Computers ServerView anterior a 4.50.09 permite a atacantes remotos ejecutar comandos de su elección mediante metacaracteres de consola (shell) en el subparámetro Servername del parámetro ParameterList. Fujitsu-Siemens ServerView suffers from a remote command execution vulnerability. Full details provided. Versions below 4.50.09 are affected. • https://www.exploit-db.com/exploits/30264 http://osvdb.org/37835 http://secunia.com/advisories/25944 http://securityreason.com/securityalert/2858 http://www.redteam-pentesting.de/advisories/rt-sa-2007-002.php http://www.securityfocus.com/archive/1/472800/100/0/threaded http://www.securityfocus.com/bid/24762 http://www.vupen.com/english/advisories/2007/2441 https://exchange.xforce.ibmcloud.com/vulnerabilities/35257 •