6 results (0.029 seconds)

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist. Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.6.19 y 1.7.x en versiones anteriores a 1.7.10, cuando se usa vCloud o vSphere, tiene una contraseña por defecto para la compilacion VMs, lo que permite a atacantes remotos obtener acceso SSH conectando dentro del periodo de tiempo de instalación durante el cual existen estas VMs. • http://www.securityfocus.com/bid/93027 https://pivotal.io/security/cve-2016-0930 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors. Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.6.17 y 1.7.x en versiones anteriores a 1.7.8, cuando se usa vCloud o vSphere, no activa adecuadamente acceso SSH para operadores, lo que tiene un impacto no especifico y vectores de ataque remotos. • https://pivotal.io/security/cve-2016-0897 • CWE-310: Cryptographic Issues •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el AdminUI en HPE Operations Manager 9.21.x en versiones anteriores a 9.21.130 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/92698 http://www.securitytracker.com/id/1036716 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El AdminUI en HPE Operations Manager (OM) en versiones anteriores a 9.21.130 en Linux, Unix y Solaris permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • http://www.securityfocus.com/bid/92122 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 91%CPEs: 4EXPL: 5

vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. vmtadmin.cgi en VMTurbo Operations Manager anterior a 4.6 build 28657 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro fileDate en una llamada DOWN. • https://www.exploit-db.com/exploits/34335 http://disse.cting.org/2014/07/30/vmturbo-operation-manager-remote-command-execution http://packetstormsecurity.com/files/127864/VMTurbo-Operations-Manager-4.6-vmtadmin.cgi-Remote-Command-Execution.html http://secunia.com/advisories/58880 http://secunia.com/secunia_research/2014-8 http://www.exploit-db.com/exploits/34335 http://www.osvdb.org/109572 http://www.securityfocus.com/bid/69225 https://exchange.xforce.ibmcloud.com/vulnerabilities/95319 http •