Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-1892

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-15 Sep, 2011 | 10:00
Updated At-06 Aug, 2024 | 22:46
Rejected At-
Credits

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:15 Sep, 2011 | 10:00
Updated At:06 Aug, 2024 | 22:46
Rejected At:
▼CVE Numbering Authority (CNA)

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
vendor-advisory
x_refsource_MS
http://securityreason.com/securityalert/8386
third-party-advisory
x_refsource_SREASON
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
third-party-advisory
x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
Resource:
vendor-advisory
x_refsource_MS
Hyperlink: http://securityreason.com/securityalert/8386
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907
Resource:
vdb-entry
signature
x_refsource_OVAL
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
vendor-advisory
x_refsource_MS
x_transferred
http://securityreason.com/securityalert/8386
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
third-party-advisory
x_refsource_CERT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: http://securityreason.com/securityalert/8386
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:15 Sep, 2011 | 12:26
Updated At:11 Apr, 2025 | 00:51

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>forms_server>>2007
cpe:2.3:a:microsoft:forms_server:2007:sp2:x32:*:*:*:*:*
Microsoft Corporation
microsoft
>>forms_server>>2007
cpe:2.3:a:microsoft:forms_server:2007:sp2:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>groove>>2007
cpe:2.3:a:microsoft:groove:2007:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>groove_data_bridge_server>>2007
cpe:2.3:a:microsoft:groove_data_bridge_server:2007:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>groove_management_server>>2007
cpe:2.3:a:microsoft:groove_management_server:2007:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>groove_server>>2010
cpe:2.3:a:microsoft:groove_server:2010:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>groove_server>>2010
cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_web_apps>>2010
cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_web_apps>>2010
cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_foundation>>2010
cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2007
cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2007
cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2010
cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2010
cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_services>>3.0
cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_services>>3.0
cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_workspace>>2010
cpe:2.3:a:microsoft:sharepoint_workspace:2010:*:x32:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_workspace>>2010
cpe:2.3:a:microsoft:sharepoint_workspace:2010:*:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_workspace>>2010
cpe:2.3:a:microsoft:sharepoint_workspace:2010:sp1:x32:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_workspace>>2010
cpe:2.3:a:microsoft:sharepoint_workspace:2010:sp1:x64:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://securityreason.com/securityalert/8386secure@microsoft.com
N/A
http://www.us-cert.gov/cas/techalerts/TA11-256A.htmlsecure@microsoft.com
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907secure@microsoft.com
N/A
http://securityreason.com/securityalert/8386af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA11-256A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://securityreason.com/securityalert/8386
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/8386
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1831Records found
CVE-2021-27052
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-8.86% / 92.19%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:46
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016
CVE-2021-3339
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.77% / 81.89%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 07:07
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-modernflown/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-26859
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-6.64% / 90.82%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:35
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power BI Information Disclosure Vulnerability

Microsoft Power BI Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-power_bi_report_serverPower BI Report Server version 15.0.1103.234Power BI Report Server version 15.0.1104.300
CVE-2021-27066
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:49
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Admin Center Security Feature Bypass Vulnerability

Windows Admin Center Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_admin_centerWindows Admin Center
CVE-2020-1259
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.73% / 90.09%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 2004 for x64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows Server, version 2004 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CVE-2021-24101
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-12.33% / 93.62%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dataverse Information Disclosure Vulnerability

Microsoft Dataverse Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.0Microsoft Dynamics 365 (on-premises) version 8.2
CVE-2019-1313
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-7.63% / 91.49%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_management_studioSQL Server Management Studio
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-26936
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.62% / 90.81%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Server Service Information Disclosure Vulnerability

Windows Server Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2014-2612
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-7.16% / 91.19%
||
7 Day CHG~0.00%
Published-28 Jun, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelrelease_controln/a
CVE-2022-26940
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.15% / 90.45%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-07 Jul, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Protocol Client Information Disclosure Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11remote_desktop_clientwindows_server_2022Windows Server 2022Remote Desktop client for Windows DesktopWindows 11 version 21H2
CVE-2022-28148
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.20%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.

Action-Not Available
Vendor-Microsoft CorporationJenkins
Product-continuous_integration_with_toad_edgewindowsJenkins Continuous Integration with Toad Edge Plugin
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21683
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 70.10%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 22:10
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.

Action-Not Available
Vendor-Microsoft CorporationJenkins
Product-windowsjenkinsJenkins
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20552
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 18:05
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsterling_file_gatewaywindowslinux_kernelSterling File Gateway
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20483
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 35.20%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20421
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.78%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 16:15
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-jazz_team_serverwindowslinux_kernelJazz Team Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20508
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.13% / 33.27%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 13:25
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2022-26896
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.9||MEDIUM
EPSS-3.02% / 86.07%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Information Disclosure Vulnerability

Azure Site Recovery Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recoveryAzure Site Recovery VMWare to Azure
CVE-2018-21032
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.47%
||
7 Day CHG~0.00%
Published-14 Feb, 2020 | 15:51
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncHitachi, Ltd.Microsoft Corporation
Product-solarislinux_kernelcompute_systems_managerautomation_directorwindowsdevice_managern/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-0856
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-18.82% / 95.05%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Information Disclosure Vulnerability

<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.</p> <p>To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.</p> <p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2008Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2019-0819
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.73% / 90.09%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_serverMicrosoft SQL Server 2017 for x64-based Systems (CU+GDR)Microsoft SQL Server 2017 for x64-based Systems (GDR)
CVE-2018-8578
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.53% / 84.85%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serverMicrosoft SharePoint
CVE-2022-26785
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.79% / 90.94%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:04
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows Server 2016
CVE-2022-26897
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.9||MEDIUM
EPSS-4.13% / 88.18%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Information Disclosure Vulnerability

Azure Site Recovery Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recoveryAzure Site Recovery VMWare to Azure
CVE-2022-26816
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.79% / 90.94%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Information Disclosure Vulnerability

Windows DNS Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows Server 2016
CVE-2022-26907
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 66.18%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure SDK for .NET Information Disclosure Vulnerability

Azure SDK for .NET Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sdk_for_.netAzure SDK for .Net
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-4687
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.52%
||
7 Day CHG~0.00%
Published-20 Aug, 2020 | 15:55
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-content_navigatorwindowsaixlinux_kernelContent Navigator
CVE-2020-4843
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 18:05
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-4842
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.16% / 36.93%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 18:05
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-3998
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.85%
||
7 Day CHG~0.00%
Published-23 Oct, 2020 | 13:49
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-windowshorizon_clientVMware Horizon Client for Windows
CVE-2020-4365
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.21%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-29605
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.70%
||
7 Day CHG~0.00%
Published-29 Jan, 2021 | 06:43
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)

Action-Not Available
Vendor-n/aMantis Bug Tracker (MantisBT)Microsoft Corporation
Product-windowsmantisbtn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-29603
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.89%
||
7 Day CHG~0.00%
Published-29 Jan, 2021 | 06:41
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.

Action-Not Available
Vendor-n/aMantis Bug Tracker (MantisBT)Microsoft Corporation
Product-windowsmantisbtn/a
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-27017
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-4.9||MEDIUM
EPSS-1.00% / 76.05%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 23:10
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsinterscan_messaging_security_virtual_applianceTrend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-0664
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-15.07% / 94.31%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Information Disclosure Vulnerability

<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.</p> <p>To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.</p> <p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2008Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2020-0637
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-14.03% / 94.08%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2008Windows Server
CVE-2019-4377
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.05%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 15:45
Updated-17 Sep, 2024 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2019-4738
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.24%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 22:11
Updated-17 Sep, 2024 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-19691
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.53% / 66.37%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 04:05
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsofficescanTrend Micro Apex One and OfficeScan
CVE-2019-19362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.25%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 02:52
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.

Action-Not Available
Vendor-n/aMicrosoft CorporationTeamViewer
Product-windowsteamviewern/a
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2019-1443
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-15.08% / 94.31%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-1376
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-7.63% / 91.49%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_management_studioSQL Server Management Studio
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-1230
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.36% / 84.29%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server
CWE ID-CWE-20
Improper Input Validation
CVE-2019-11397
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.68% / 90.03%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 20:18
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter.

Action-Not Available
Vendor-rapidflowsn/aMicrosoft Corporation
Product-rapid4.net_frameworkn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-0821
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-13.70% / 94.00%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:27
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0962
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.9||MEDIUM
EPSS-4.65% / 88.88%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_automationAzure Automation
CVE-2019-0703
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-8.44% / 91.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 23:41
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2008windows_7windows_8.1windows_rt_8.1windows_10windows_server_2012windows_server_2019Windows ServerWindowsWindows
CVE-2019-0956
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-10.46% / 92.94%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2019-0588
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.95% / 85.91%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-0704
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-14.21% / 94.12%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 23:40
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0804
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.41% / 88.59%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:32
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-walinuxagentAzure
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 36
  • 37
  • Next
Details not found