Page 9 of 52 results (0.002 seconds)

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

Use of reversible password encryption algorithm allows attackers to decrypt passwords.  Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. El uso de un algoritmo de cifrado de contraseña reversible permite a los atacantes descifrar contraseñas. El atacante puede descifrar fácilmente la información confidencial y las credenciales robadas pueden usarse para acciones arbitrarias que corrompan el sistema. • https://kemptechnologies.com https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 • CWE-257: Storing Passwords in a Recoverable Format •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 3

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. En las versiones de Flowmon anteriores a la 11.1.14 y 12.3.5, se identificó una vulnerabilidad de inyección de comandos del sistema operativo. Un usuario no autenticado puede acceder al sistema a través de la interfaz de administración de Flowmon, lo que permite la ejecución de comandos arbitrarios del sistema. • https://github.com/Surko888/Surko-Exploit-Jenkins-CVE-2024-23897 https://github.com/Abo5/CVE-2024-23897 https://github.com/adhikara13/CVE-2024-2389 https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability https://www.flowmon.com https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator. Se ha identificado una vulnerabilidad de Cross-Site Request Forgery en LoadMaster. Es posible que un actor malintencionado, que tenga conocimiento previo de la IP o el nombre de host de un LoadMaster específico, dirija a un administrador de LoadMaster autenticado a un sitio de terceros. • https://progress.com/loadmaster https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 1

An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. Se ha identificado una vulnerabilidad de inyección de comandos del sistema operativo en LoadMaster. Un usuario de UI autenticado con cualquier configuración de permisos puede inyectar comandos en un componente de UI usando un comando de shell, lo que resulta en la inyección de comandos del sistema operativo. • https://github.com/minj-ae/CVE-2024-24488 https://progress.com/loadmaster https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1

In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. • https://github.com/ASR511-OO7/CVE-2024-22917 https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024 https://www.progress.com/moveit • CWE-778: Insufficient Logging •