CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41746 – Trend Micro Apex One Forced Browsing Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41746
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. ... Nota: un atacante debe obtener primero la capacidad de iniciar sesión en la consola web de Apex One para poder explotar esta vulnerabilidad This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and reconfigure the server and associated endpoint agents. • https://success.trendmicro.com/solution/000291645 https://www.zerodayinitiative.com/advisories/ZDI-22-1403 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41747 – Trend Micro Apex One Security Agent Improper Certificate Validation Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41747
Nota: un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291645 https://www.zerodayinitiative.com/advisories/ZDI-22-1402 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42427 – Centreon Contact Group SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42427
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://www.zerodayinitiative.com/advisories/ZDI-22-1398 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42428 – Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42428
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://www.zerodayinitiative.com/advisories/ZDI-22-1399 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 94%CPEs: 5EXPL: 7CVE-2022-41040 – Microsoft Exchange Server Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2022-41040
Microsoft Exchange Server Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Microsoft Exchange Server This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Exchange. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/kljunowsky/CVE-2022-41040-POC https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell https://github.com/numanturle/CVE-2022-41040 https://github.com/d3duct1v/CVE-2022-41040 https://github.com/r3dcl1ff/CVE-2022-41040 https://github.com/ITPATJIDR/CVE-2022-41040 http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040 https://www.kb.c • CWE-918: Server-Side Request Forgery (SSRF) •