CVSS: 9.0EPSS: 0%CPEs: 52EXPL: 0CVE-2023-39548
https://notcve.org/view.php?id=CVE-2023-39548
17 Nov 2023 — CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesión en el producto y pueda ejecutar un comando arbitrario. • https://jpn.nec.com/security-info/secinfo/nv23-009_en.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 48EXPL: 0CVE-2023-39547
https://notcve.org/view.php?id=CVE-2023-39547
17 Nov 2023 — CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesión en el producto y pueda ejecutar un comando arbitrario. • https://jpn.nec.com/security-info/secinfo/nv23-009_en.html • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.0EPSS: 0%CPEs: 52EXPL: 0CVE-2023-39546
https://notcve.org/view.php?id=CVE-2023-39546
17 Nov 2023 — CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesión en el producto y pueda ejecutar un comando arbitrario. • https://jpn.nec.com/security-info/secinfo/nv23-009_en.html • CWE-836: Use of Password Hash Instead of Password for Authentication •
CVSS: 9.0EPSS: 0%CPEs: 52EXPL: 0CVE-2023-39545
https://notcve.org/view.php?id=CVE-2023-39545
17 Nov 2023 — CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesión en el producto y pueda ejecutar un comando arbitrario. • https://jpn.nec.com/security-info/secinfo/nv23-009_en.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.0EPSS: 0%CPEs: 52EXPL: 0CVE-2023-39544
https://notcve.org/view.php?id=CVE-2023-39544
17 Nov 2023 — CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesión en el producto y pueda ejecutar un comando arbitrario. • https://jpn.nec.com/security-info/secinfo/nv23-009_en.html • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34822
https://notcve.org/view.php?id=CVE-2022-34822
08 Nov 2022 — Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. Vulnerabilidad de path traversal en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y versiones ante... • https://jpn.nec.com/security-info/secinfo/nv22-014_en.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34823
https://notcve.org/view.php?id=CVE-2022-34823
08 Nov 2022 — Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. Vulnerabilidad de desbordamiento de búfer en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y vers... • https://jpn.nec.com/security-info/secinfo/nv22-014_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34824
https://notcve.org/view.php?id=CVE-2022-34824
08 Nov 2022 — Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. Vulnerabilidad de permisos débiles de archivos y carpetas en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESS... • https://jpn.nec.com/security-info/secinfo/nv22-014_en.html • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34825
https://notcve.org/view.php?id=CVE-2022-34825
08 Nov 2022 — Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. Elemento de Ruta de Búsqueda No Controlada en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y ... • https://jpn.nec.com/security-info/secinfo/nv22-014_en.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20705
https://notcve.org/view.php?id=CVE-2021-20705
02 Nov 2021 — Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network. Una vulnerabilidad de validación de entrada inadecuada en el WebManager CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerS... • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-20: Improper Input Validation •