CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2017-1758
https://notcve.org/view.php?id=CVE-2017-1758
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859. IBM Financial Transaction Manager para ACH Services Multi-Platform (IBM Control Center 6.0 y 6.1; IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4 y 3.1.0; IBM Transformation Extender Advanced 9.0) es vulnerable a un ataque de XEE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22012828 http://www.ibm.com/support/docview.wss?uid=swg22013375 http://www.ibm.com/support/docview.wss?uid=swg22013432 http://www.securityfocus.com/bid/103130 https://exchange.xforce.ibmcloud.com/vulnerabilities/135859 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0252
https://notcve.org/view.php?id=CVE-2016-0252
IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. IBM Control Center 6.x en versiones anteriores a 6.0.0.1 iFix06 y Sterling Control Center 5.4.x en versiones anteriores a 5.4.2.1 iFix09 permiten a usuarios locales descifrar la clave maestra a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21985641 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2008-5420 – EMC Control Center SST_SENDFILE Remote File Retrieval Vulnerability
https://notcve.org/view.php?id=CVE-2008-5420
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. El servicio SAN Manager Master Agent (alias msragent.exe)en EMC Control Center anterior 6.1 no autentica adecuadamente peticiones SST_SENDFILE, las cuales permiten a atacantes remotos leer archivos de su elección. This vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files. • http://osvdb.org/50032 http://secunia.com/advisories/32801 http://securityreason.com/securityalert/4709 http://www.securityfocus.com/archive/1/498556/100/0/threaded http://www.securityfocus.com/bid/32392 http://www.securitytracker.com/id?1021263 http://www.vupen.com/english/advisories/2008/3220 http://www.zerodayinitiative.com/advisories/ZDI-08-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/46753 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 39%CPEs: 2EXPL: 0CVE-2008-5419 – EMC Control Center SST_CTGTRANS Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5419
Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. Desbordamiento de búfer basado en pila en SAN Manager Master Agent service (antes conocido como msragent.exe) en EMC Control Center v5.2 SP5 and v6.0 permite a atacantes remotos ejecutar código a su elección a través de la ejecución de código a través de múltiples peticiones SST_CTGTRANS. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. • http://osvdb.org/50031 http://secunia.com/advisories/32801 http://securityreason.com/securityalert/4710 http://www.securityfocus.com/archive/1/498555/100/0/threaded http://www.securityfocus.com/bid/32389 http://www.securitytracker.com/id?1021262 http://www.vupen.com/english/advisories/2008/3220 http://www.zerodayinitiative.com/advisories/ZDI-08-075 https://exchange.xforce.ibmcloud.com/vulnerabilities/46751 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •