6 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. Se ha identificado una vulnerabilidad en Spectrum Power 4 (Todas las versiones anteriores a V4.70 SP9 Security Patch 1). La aplicación web integrada "Online Help" del producto afectado contiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) que podría explotarse si usuarios desprevenidos son engañados para que accedan a un enlace malicioso • https://cert-portal.siemens.com/productcert/pdf/ssa-831168.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 97%CPEs: 96EXPL: 4

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Se descubrió que la corrección para abordar CVE-2021-44228 en Apache Log4j versiones 2.15.0 estaba incompleta en ciertas configuraciones no predeterminadas. Esto podría permitir a los atacantes con control sobre los datos de entrada de Thread Context Map (MDC) cuando la configuración de registro utiliza un Pattern Layout no predeterminado con un Context Lookup (por ejemplo, $${ctx:loginId}) o un Thread Context Map pattern (%X, %mdc, o %MDC) para elaborar datos de entrada maliciosos utilizando un patrón JNDI Lookup que resulta en una fuga de información y ejecución de código remoto en algunos entornos y ejecución de código local en todos los entornos. • https://github.com/BobTheShoplifter/CVE-2021-45046-Info https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 https://github.com/tejas-nagchandi/CVE-2021-45046 https://github.com/pravin-pp/log4j2-CVE-2021-45046 http://www.openwall.com/lists/oss-security/2021/12/14/4 http://www.openwall.com/lists/oss-security/2021/12/15/3 http://www.openwall.com/lists/oss-security/2021/12/18/1 https://cert-portal.siemen • CWE-400: Uncontrolled Resource Consumption CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 10.0EPSS: 96%CPEs: 398EXPL: 30

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. • https://github.com/fullhunt/log4j-scan https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words https://github.com/cyberstruggle/L4sh https://github.com/woodpecker-appstore/log4j-payload-generator https://github.com/tangxiaofeng7/apache-log4j-poc https://www.exploit-db.com/exploits/51183 https://www.exploit-db.com/exploits/50592 https://www.exploit-db.com/exploits/50590 https://github.com/logpresso/CVE-2021-44228-Scanner https://github.com/jas502n/Log4j2-CVE-2021-44228 h • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack. Se ha identificado una vulnerabilidad en Spectrum Power 4 (todas las versiones anteriores a V4.70 SP8).&#xa0;Si se configura de manera no segura, el servidor web puede ser susceptible a un ataque de lista de directorios. • https://cert-portal.siemens.com/productcert/pdf/ssa-568969.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-548: Exposure of Information Through Directory Listing •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. Se ha identificado una vulnerabilidad en Spectrum Power 4 (todas las versiones anteriores a V4.70 SP8).&#xa0;El almacenamiento no seguro de información confidencial en los archivos de configuración podría permitir la recuperación de los nombres de usuario. • https://cert-portal.siemens.com/productcert/pdf/ssa-568969.pdf • CWE-312: Cleartext Storage of Sensitive Information •