CVSS: 9.8EPSS: 73%CPEs: 1EXPL: 2CVE-2020-7200 – Hewlett Packard Enterprise Systems Insight Manager AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7200
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. Se ha identificado una vulnerabilidad de seguridad potencial en HPE Systems Insight Manager (SIM) versión 7.6. La vulnerabilidad podría ser explotada para permitir una ejecución de código remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Systems Insight Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AMF protocol. • https://github.com/alexfrancow/CVE-2020-7200 http://packetstormsecurity.com/files/161721/HPE-Systems-Insight-Manager-AMF-Deserialization-Remote-Code-Execution.html https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04068en_us https://testbnull.medium.com/hpe-system-insight-manager-sim-amf-deserialization-lead-to-rce-cve-2020-7200-d49a9cf143c0 https://www.zerodayinitiative.com/advisories/ZDI-20-1449 https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_u •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4658
https://notcve.org/view.php?id=CVE-2020-4658
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186095 https://www.ibm.com/support/pages/node/6382416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4657
https://notcve.org/view.php?id=CVE-2020-4657
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. IBM Sterling B2B Integrator versiones 5.2.0.0 hasta 6.0.3.2, Standard Edition, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186094 https://www.ibm.com/support/pages/node/6382414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4738
https://notcve.org/view.php?id=CVE-2019-4738
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.1, revela información confidencial a un usuario autenticado desde la interfaz de usuario del panel de control que podría ser usado en nuevos ataques contra el sistema. IBM X-Force ID: 172753. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172753 https://www.ibm.com/support/pages/node/6380390 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7199
https://notcve.org/view.php?id=CVE-2020-7199
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. Se ha identificado una vulnerabilidad de seguridad en HPE Edgeline Infrastructure Manager, también se conoce como HPE Edgeline Infrastructure Management Software. La vulnerabilidad podría ser explotada remotamente para omitir la autenticación remota conllevando a una ejecución de comandos arbitrarios, consiguiendo un acceso privilegiado, causando una denegación de servicio y cambiando la configuración • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04063en_us • CWE-287: Improper Authentication •