CVE-2023-7240 – Broken Access Control leading to SSRF in NetIQ Identity Console
https://notcve.org/view.php?id=CVE-2023-7240
An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows enumeration of open services. The server queries the address supplied in the Server IP/DNS field, triggering a connection to an arbitrary address.
• https://www.netiq.com/documentation/identity-console/identity_console1720000_releasenotes/data/identity_console1720000_releasenotes.html
• CWE-20: Improper Input Validation
CVE-2024-2834 – OpenText ArcSight Management Center and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-2834
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
• https://portal.microfocus.com/s/article/KM000028275
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6400 – Incorrect user authorization vulnerability on OpenText ZENworks Configuration Management (ZCM) product.
https://notcve.org/view.php?id=CVE-2023-6400
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources. This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.
• https://portal.microfocus.com/s/article/KM000027630?language=en_US
• CWE-863: Incorrect Authorization
CVE-2024-1148 – Weak Access Control - Arbitrary file upload
https://notcve.org/view.php?id=CVE-2024-1148
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.
• https://portal.microfocus.com/s/article/KM000026669
• CWE-287: Improper Authentication
CVE-2024-1147 – Weak Access Control - Arbitrary file download
https://notcve.org/view.php?id=CVE-2024-1147
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.
• https://portal.microfocus.com/s/article/KM000026669
• CWE-287: Improper Authentication