CVE-2016-0883
https://notcve.org/view.php?id=CVE-2016-0883
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation. • https://pivotal.io/security/pcf-ops-manager-weak-authentication-scheme • CWE-287: Improper Authentication
CVE-2016-0897
https://notcve.org/view.php?id=CVE-2016-0897
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors. • https://pivotal.io/security/cve-2016-0897 • CWE-310: Cryptographic Issues
CVE-2016-4380
https://notcve.org/view.php?id=CVE-2016-4380
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://www.securityfocus.com/bid/92698 http://www.securitytracker.com/id/1036716 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4373
https://notcve.org/view.php?id=CVE-2016-4373
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. • http://www.securityfocus.com/bid/92122 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507 • CWE-284: Improper Access Control
CVE-2014-5073 – VMTurbo Operations Manager 4.6 - 'vmtadmin.cgi' Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-5073
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. • https://www.exploit-db.com/exploits/34335 http://disse.cting.org/2014/07/30/vmturbo-operation-manager-remote-command-execution http://packetstormsecurity.com/files/127864/VMTurbo-Operations-Manager-4.6-vmtadmin.cgi-Remote-Command-Execution.html http://secunia.com/advisories/58880 http://secunia.com/secunia_research/2014-8 http://www.exploit-db.com/exploits/34335 http://www.osvdb.org/109572 http://www.securityfocus.com/bid/69225 https://exchange.xforce.ibmcloud.com/vulnerabilities/95319 http