CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51548 – Dangerous File Upload
https://notcve.org/view.php?id=CVE-2024-51548
05 Dec 2024 — Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-51546 – Credentails Disclosure
https://notcve.org/view.php?id=CVE-2024-51546
05 Dec 2024 — Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from cleartext transmission and storage of sensitive information in a Cookie. This includes the globals parameter, where authdata contains base64-encoded credentials. A remote attacker can intercept the HTTP Cookie, including authentication credentials, through a man-in-the-middle a... • https://packetstorm.news/files/id/183349 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51545 – Username Enumeration
https://notcve.org/view.php?id=CVE-2024-51545
05 Dec 2024 — Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-51544 – Service Control
https://notcve.org/view.php?id=CVE-2024-51544
05 Dec 2024 — Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 has an authenticated access vulnerability in the aspectMemory.php script that allows attackers to set arbitrary values for Java heap memory parameters (HEAPMIN and HEAPMAX). This configuration is written to /usr/local/aam/etc/javamem. The absence of input validation can lead ... • https://packetstorm.news/files/id/183145 • CWE-15: External Control of System or Configuration Setting •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51543 – Information Disclosure
https://notcve.org/view.php?id=CVE-2024-51543
05 Dec 2024 — Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-15: External Control of System or Configuration Setting •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51542 – Configuration Download
https://notcve.org/view.php?id=CVE-2024-51542
05 Dec 2024 — Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51541 – Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-51541
05 Dec 2024 — Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48847 – MD5 bypass operation
https://notcve.org/view.php?id=CVE-2024-48847
05 Dec 2024 — MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-328: Use of Weak Hash •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-48846 – Cross Side Request Forgery, CSRF
https://notcve.org/view.php?id=CVE-2024-48846
05 Dec 2024 — Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 • https://packetstorm.news/files/id/183031 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-48845 – Weak Password Rules/Strength
https://notcve.org/view.php?id=CVE-2024-48845
05 Dec 2024 — Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 • https://packetstorm.news/files/id/183354 • CWE-521: Weak Password Requirements •