CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45621
https://notcve.org/view.php?id=CVE-2023-45621
14 Nov 2023 — Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point. Existen vulnerabilidades de Denegación de Servicio (DoS) no autenticadas en CLI Service al que se accede a través del protocolo PAPI. La explotación exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto ... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45620
https://notcve.org/view.php?id=CVE-2023-45620
14 Nov 2023 — Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point. Existen vulnerabilidades de Denegación de Servicio (DoS) no autenticadas en CLI Service al que se accede a través del protocolo PAPI. La explotación exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto ... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt •
CVSS: 8.5EPSS: 1%CPEs: 5EXPL: 0CVE-2023-45619
https://notcve.org/view.php?id=CVE-2023-45619
14 Nov 2023 — There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. Existe una vulnerabilidad de eliminación arbitraria de archivos en RSSI Service al que accede PAPI (el protocolo de gestión de puntos de acces... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45618
https://notcve.org/view.php?id=CVE-2023-45618
14 Nov 2023 — There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. Existen vulnerabilidades de eliminación arbitraria de archivos en AirWave Client Service al que accede PAPI (el protocolo de gesti... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45617
https://notcve.org/view.php?id=CVE-2023-45617
14 Nov 2023 — There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. Existen vulnerabilidades de eliminación de archivos arbitrarios en CLI Service al que accede PAPI (el protocolo de administración de puntos d... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45616
https://notcve.org/view.php?id=CVE-2023-45616
14 Nov 2023 — There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Existe una vulnerabilidad de desbordamiento del búfer en AirWave Client Service subyacente que podría c... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45615
https://notcve.org/view.php?id=CVE-2023-45615
14 Nov 2023 — There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Existen vulnerabilidades de desbordamiento del búfer en CLI Service subyacente que podrían provocar la ejecució... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45614
https://notcve.org/view.php?id=CVE-2023-45614
14 Nov 2023 — There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Existen vulnerabilidades de desbordamiento del búfer en CLI Service subyacente que podrían provocar la ejecució... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-42029 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42029
02 Nov 2023 — IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries para multiplataformas 8.1, 8.2, 9.1 son vulnerables a cross site scripting. Esta vulnerabilidad permit... • https://exchange.xforce.ibmcloud.com/vulnerabilities/266059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-42027 – IBM CICS TX cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-42027
02 Nov 2023 — IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries for Multiplatforms 8.1, 8.2, 9.1 son vulnerables a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas tran... • https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 • CWE-352: Cross-Site Request Forgery (CSRF) •