Page 3 of 15 results (0.006 seconds)

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. Se ha identificado una potencial divulgación de datos en Micro Focus Service Manager en versiones 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50 y 9.51. La vulnerabilidad podría ser explotada para divulgar datos de forma no autorizada. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286176 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0

Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. Vulnerabilidad de inyección SQL en Dolibarr en versiones anteriores a la 7.0.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro sortfield en /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php o /admin/website.php. • http://www.securityfocus.com/bid/104141 http://www.securitytracker.com/id/1040902 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.0EPSS: 0%CPEs: 48EXPL: 0

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40 y 9.41 permite a usuarios remotos autenticados obtener información sensible, modificar datos y llevar a cabo ataques de SSRF a través de vectores no especificados, relacionado con los componentes Server, Web Client, Windows Client y Service Request. • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167176 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components. HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40 y 9.41 permite a atacantes remotos obtener información sensible a través de vectores no especificados, relacionado con los componentes Web Client, Service Request Catalog y Mobility. • http://www.securitytracker.com/id/1035954 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. HPE Service Manager (SM) 9.3x en versiones anteriores a 9.35 P4 y 9.4x en versiones anteriores a 9.41.P2 permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections. • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565 • CWE-20: Improper Input Validation •