Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-1207

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 May, 2011 | 01:00
Updated At-16 Sep, 2024 | 17:29
Rejected At-
Credits

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 May, 2011 | 01:00
Updated At:16 Sep, 2024 | 17:29
Rejected At:
▼CVE Numbering Authority (CNA)

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1025464
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/43474
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/1129
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/43399
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/47643
vdb-entry
x_refsource_BID
https://www.ibm.com/support/docview.wss?uid=swg21497689
x_refsource_CONFIRM
Hyperlink: http://securitytracker.com/id?1025464
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/43474
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/1129
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/43399
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/47643
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.ibm.com/support/docview.wss?uid=swg21497689
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1025464
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/43474
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/1129
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/43399
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/47643
vdb-entry
x_refsource_BID
x_transferred
https://www.ibm.com/support/docview.wss?uid=swg21497689
x_refsource_CONFIRM
x_transferred
Hyperlink: http://securitytracker.com/id?1025464
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/43474
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/1129
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/43399
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/47643
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.ibm.com/support/docview.wss?uid=swg21497689
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 May, 2011 | 02:39
Updated At:11 Apr, 2025 | 00:51

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
IBM Corporation
ibm
>>rational_system_architect>>Versions up to 11.4.0.2(inclusive)
cpe:2.3:a:ibm:rational_system_architect:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_system_architect>>11.3
cpe:2.3:a:ibm:rational_system_architect:11.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_system_architect>>11.3.1
cpe:2.3:a:ibm:rational_system_architect:11.3.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_system_architect>>11.3.1.1
cpe:2.3:a:ibm:rational_system_architect:11.3.1.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_system_architect>>11.3.1.2
cpe:2.3:a:ibm:rational_system_architect:11.3.1.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_system_architect>>11.3.1.3
cpe:2.3:a:ibm:rational_system_architect:11.3.1.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_system_architect>>11.4
cpe:2.3:a:ibm:rational_system_architect:11.4:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rational_system_architect>>11.4.0.1
cpe:2.3:a:ibm:rational_system_architect:11.4.0.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-863Primarynvd@nist.gov
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/43399cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43474cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1025464cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/47643cve@mitre.org
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2011/1129cve@mitre.org
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=swg21497689cve@mitre.org
Patch
Vendor Advisory
http://secunia.com/advisories/43399af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43474af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1025464af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/47643af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2011/1129af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=swg21497689af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43399
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43474
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1025464
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/47643
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2011/1129
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.ibm.com/support/docview.wss?uid=swg21497689
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43399
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43474
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1025464
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/47643
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2011/1129
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.ibm.com/support/docview.wss?uid=swg21497689
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

169Records found
CVE-2017-1766
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 16:00
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

Action-Not Available
Vendor-IBM Corporation
Product-business_process_managerBusiness Process Manager
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-35716
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 35.10%
||
7 Day CHG~0.00%
Published-31 Jul, 2022 | 16:08
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-1628
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.20%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.

Action-Not Available
Vendor-IBM Corporation
Product-business_process_managerBusiness Process Manager
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-22326
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 16.94%
||
7 Day CHG~0.00%
Published-31 Jul, 2022 | 16:05
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.

Action-Not Available
Vendor-IBM Corporation
Product-mq_appliance_m2002_firmwaremq_appliance_m2001mq_appliance_m2002datapower_gatewaymq_appliance_m2001_firmwareDataPower Gateway
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-22307
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:35
Updated-12 Dec, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium privilege escalation

IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-50946
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.34%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 15:44
Updated-11 Mar, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Licensing information disclosure

IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixcommon_licensinglinux_kernelwindowsCommon Licensing
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-1233
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.15%
||
7 Day CHG~0.00%
Published-31 Jan, 2018 | 15:00
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_remote_controlBigFix Remote Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-30995
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 2.45%
||
7 Day CHG~0.00%
Published-08 Sep, 2023 | 20:56
Updated-26 Sep, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex improper access control

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aspera_faspexlinux_kernelAspera Faspexaspera_faspex
CWE ID-CWE-863
Incorrect Authorization
CVE-2013-0543
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 56.37%
||
7 Day CHG~0.00%
Published-24 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSun Microsystems (Oracle Corporation)IBM CorporationHP Inc.
Product-websphere_application_serverhp-uxlinux_kernelsunosn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-4745
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.77%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 15:35
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_for_transportationmaximo_for_life_sciencesmaximo_asset_managementmaximo_for_oil_and_gasmaximo_for_utilitiesmaximo_for_nuclear_powermaximo_for_aviationMaximo Asset Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-4509
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:41
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-4311
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.72%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 23:36
Updated-17 Sep, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-25924
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 14:53
Updated-26 Feb, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Key Lifecycle Manager improper authorization

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-23476
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 14:40
Updated-11 Oct, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationrobotic_process_automation_for_cloud_pakRobotic Process AutomationRobotic Process Automation for Cloud Pak
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-22593
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.03% / 4.98%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 18:00
Updated-06 Nov, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation for Cloud Pak security configuration

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftrobotic_process_automationRobotic Process Automation for Cloud Pak
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-38329
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.7||HIGH
EPSS-0.01% / 0.61%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 13:43
Updated-03 Aug, 2024 | 11:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.

Action-Not Available
Vendor-IBM Corporation
Product-storage_protect_for_virtual_environmentsStorage Protect for Virtual Environments: Data Protection for VMware
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-285
Improper Authorization
CVE-2007-2586
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-59.97% / 98.19%
||
7 Day CHG~0.00%
Published-09 May, 2007 | 22:00
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-5242
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.70% / 70.99%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 22:55
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
openHAB exec add-ons allow remote arbitrary command execution

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls.

Action-Not Available
Vendor-openhabopenhab
Product-openhabopenhab-addons
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-12391
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 67.91%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 08:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found