CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51071
https://notcve.org/view.php?id=CVE-2023-51071
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link. Un problema de control de acceso en QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 permite a atacantes no autenticados desactivar arbitrariamente el servicio SMB en la instancia Qstar de una víctima ejecutando un comando específico en un enlace. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51071.md •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51064
https://notcve.org/view.php?id=CVE-2023-51064
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table. Se descubrió que QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0, contiene una vulnerabilidad de XSS reflejado basada en DOM dentro del componente qnme-ajax?method=tree_table. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51064.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51066
https://notcve.org/view.php?id=CVE-2023-51066
An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands. Una vulnerabilidad de ejecución remota de código autenticado en QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 permite a los atacantes ejecutar comandos de forma arbitraria. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51066.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51062
https://notcve.org/view.php?id=CVE-2023-51062
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command. Un archivo de registro no autenticado leído en el componente log-smblog-save de QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 permite a los atacantes revelar el contenido del registro SMB mediante la ejecución de un comando manipulado. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51062.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51065
https://notcve.org/view.php?id=CVE-2023-51065
Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. El control de acceso incorrecto en QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 permite a atacantes no autenticados obtener copias de seguridad del sistema y otra información confidencial del QStar Server. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51065.md •