Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-7818

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-12 Nov, 2015 | 02:00
Updated At-06 Aug, 2024 | 07:59
Rejected At-
Credits

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:12 Nov, 2015 | 02:00
Updated At:06 Aug, 2024 | 07:59
Rejected At:
▼CVE Numbering Authority (CNA)

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.zerodayinitiative.com/advisories/ZDI-15-551/
x_refsource_MISC
https://support.lenovo.com/us/en/product_security/len_2015_074
x_refsource_CONFIRM
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-15-551/
Resource:
x_refsource_MISC
Hyperlink: https://support.lenovo.com/us/en/product_security/len_2015_074
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.zerodayinitiative.com/advisories/ZDI-15-551/
x_refsource_MISC
x_transferred
https://support.lenovo.com/us/en/product_security/len_2015_074
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-15-551/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/len_2015_074
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:12 Nov, 2015 | 03:59
Updated At:12 Apr, 2025 | 10:46

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
IBM Corporation
ibm
>>system_networking_switch_center>>Versions up to 7.3.1.4(inclusive)
cpe:2.3:a:ibm:system_networking_switch_center:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>switch_center>>Versions up to 8.1.1.0(inclusive)
cpe:2.3:a:lenovo:switch_center:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.zerodayinitiative.com/advisories/ZDI-15-551/cve@mitre.org
N/A
https://support.lenovo.com/us/en/product_security/len_2015_074cve@mitre.org
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-15-551/af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.lenovo.com/us/en/product_security/len_2015_074af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-15-551/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/len_2015_074
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-15-551/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/len_2015_074
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

329Records found
CVE-2002-0086
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.44%
||
7 Day CHG~0.00%
Published-07 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_dominon/a
CVE-2002-0678
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.43% / 61.67%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

Action-Not Available
Vendor-compaqxi_graphicsn/aThe MITRE Corporation (Caldera)HP Inc.IBM CorporationSun Microsystems (Oracle Corporation)Silicon Graphics, Inc.
Product-tru64dextophp-uxaixsolarisirixunixwaresunosopenunixn/a
CVE-2001-1329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.82%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2001-1330
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.82%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2014-8920
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.05%
||
7 Day CHG~0.00%
Published-28 Jan, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-i_accessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2000-1202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.29%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.

Action-Not Available
Vendor-n/aIBM Corporation
Product-http_server_ssl_module_commonn/a
CVE-2000-1120
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.21% / 43.34%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2000-1122
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.04% / 12.62%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2000-1121
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.37%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2000-1222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.17% / 39.24%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2000-1124
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.13% / 32.70%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-1403
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.04% / 9.72%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_opc_tracker_agentn/a
CVE-1999-1487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.16% / 37.52%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-1583
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.80%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2000-0249
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.82%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-1414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.23% / 78.32%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-netfinity_remote_controln/a
CVE-1999-1013
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.11%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0691
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 57.88%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

Action-Not Available
Vendor-digitalcden/aIBM CorporationSun Microsystems (Oracle Corporation)
Product-aixsolarissunosunixcden/a
CVE-2018-9062
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.71%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t480_firmwarethinkpad_x1_carbon_firmwarev510-15ikb_firmwarethinkpad_t580_firmwarethinkpad_x380_yogathinkpad_l480_firmwarethinkpad_e580_firmwarethinkpad_t25thinkpad_t480sthinkpad_t57020k3thinkpad_p51_firmwarethinkpad_p51smiix_720-12ikb_firmwarethinkpad_x280_firmwaree42-80_isk_firmwarethinkpad_p72_firmware20kf20k420kj20lfv310-14ikbthinkpad_p52thinkpad_l480v310-15ikb_firmwaree42-80_iskthinkpad_t470s_firmwaree52-80e42-80thinkpad_l58020hqthinkpad_e580thinkpad_l580_firmwaree42-80_firmwarev510-15ikbthinkpad_x1_tablet_firmwarethinkpad_yoga_11ev310-15isk_firmwarethinkpad_p7120lethinkpad_t470p_firmwarethinkpad_e480_firmwarev310-15iskthinkpad_p51s_firmware20jbthinkpad_yoga_37020hrthinkpad_s1_firmwarev310-14ikb_firmware20ld20hn20k620kg20khthinkpad_t470v310-14iskthinkpad_l380_firmwarethinkpad_l380thinkpad_x270_firmwarethinkpad_t580thinkpad_x1_yoga_firmware20k520kkthinkpad_s120lgthinkpad_t570_firmwarethinkpad_e480thinkpad_t480s_firmwarethinkpad_p5120jev510-14ikbv310-15ikbe52-80_iskthinkpad_p52s_firmwarethinkpad_p71_firmware20jgmiix_720-12ikbv310-14isk_firmwarev510-14ikb_firmwarethinkpad_t470sthinkpad_p72thinkpad_x380_yoga_firmware20hmthinkpad_t470p20jf20ke20jdthinkpad_t25_firmware20jcthinkpad_yoga_370_firmwarethinkpad_t480e52-80_isk_firmwarethinkpad_p52_firmwarethinkpad_t470_firmwarethinkpad_p52sthinkpad_yoga_11e_firmwaree52-80_firmwaresome Lenovo ThinkPads
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-1999-0318
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 30.88%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

Action-Not Available
Vendor-n/aIBM CorporationRed Hat, Inc.Sun Microsystems (Oracle Corporation)HP Inc.
Product-hp-uxaixsolarissunoslinuxn/a
CVE-1999-0852
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.24%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-2016-3053
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-3.04% / 86.13%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.

Action-Not Available
Vendor-IBM Corporation
Product-aixAIX
CVE-1999-1121
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.70% / 71.14%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-1208
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.77% / 87.59%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0091
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.17%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.24% / 78.44%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIX infod allows local users to gain root access through an X display.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0055
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 24.28%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in Sun libnsl allow root access.

Action-Not Available
Vendor-n/aIBM CorporationSun Microsystems (Oracle Corporation)
Product-solarissunosaixn/a
CVE-1999-0064
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.28% / 51.40%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX lquerylv program gives root access to local users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.10% / 27.41%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Action-Not Available
Vendor-digitaln/aFreeBSD FoundationHP Inc.Apple Inc.NEC CorporationLinux Kernel Organization, IncIBM Corporation
Product-linux_kernelhp-uxews-ux_vaixa_uxup-ux_vasl_ux_4800freebsdosf_1n/a
CVE-1999-0014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.86% / 74.11%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized privileged access or denial of service via dtappgather program in CDE.

Action-Not Available
Vendor-cden/aIBM CorporationHP Inc.
Product-hp-uxvvoscdeaixn/a
CVE-1999-0022
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.52%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Action-Not Available
Vendor-bsdin/absdiSilicon Graphics, Inc.IBM CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)HP Inc.
Product-bsd_oshp-uxaixsolarisirixsunosfreebsdn/afreebsdbsd_ossolarissunoshp-uxaixirix
CWE ID-CWE-125
Out-of-bounds Read
CVE-1999-0092
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.71% / 71.30%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various vulnerabilities in the AIX portmir command allows local users to obtain root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0115
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.24% / 78.44%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIX bugfiler program allows local users to gain root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.14% / 34.17%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command execution in Sun systems via buffer overflow in the at program.

Action-Not Available
Vendor-ncrscon/aSilicon Graphics, Inc.IBM CorporationSun Microsystems (Oracle Corporation)
Product-aixopenservermp-rasirixopen_desktopunixwaresunosn/a
CVE-1999-0090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.17%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX rcp command allows local users to obtain root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.89% / 74.49%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local users can start Sendmail in daemon mode and gain root privileges.

Action-Not Available
Vendor-eric_allmanbsdin/aThe MITRE Corporation (Caldera)HP Inc.IBM CorporationFreeBSD FoundationRed Hat, Inc.
Product-sendmailbsd_oshp-uxaixfreebsdlinuxnetwork_desktopn/a
CVE-1999-0072
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.17%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX xdat gives root access to local users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0131
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

Action-Not Available
Vendor-digitaleric_allmanbsdiscon/aIBM CorporationRed Hat, Inc.FreeBSD FoundationHP Inc.
Product-sendmailbsd_osinternet_faststarthp-uxaixopenserverfreebsdosf_1linuxn/a
CVE-1999-0038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.11% / 30.63%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in xlock program allows local users to execute commands as root.

Action-Not Available
Vendor-bsdidata_generaln/aSilicon Graphics, Inc.IBM CorporationDebian GNU/LinuxSun Microsystems (Oracle Corporation)HP Inc.
Product-bsd_oshp-uxdg_uxaixsolarisirixsunosdebian_linuxn/axlock
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-1999-0117
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.82%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIX passwd allows local users to gain root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2010-1347
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-12 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncIBM Corporation
Product-aixdirector_agentlinux_kerneln/a
CVE-1999-0122
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-6.71% / 90.87%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX lchangelv gives root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0112
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.66% / 87.41%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX dtterm program for the CDE.

Action-Not Available
Vendor-cden/aIBM Corporation
Product-cdeaixn/a
CVE-2010-0961
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.60%
||
7 Day CHG~0.00%
Published-10 Mar, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixviosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0040
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.30% / 52.81%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Action-Not Available
Vendor-bsdin/aFreeBSD FoundationHP Inc.Silicon Graphics, Inc.NEC CorporationSun Microsystems (Oracle Corporation)IBM Corporation
Product-bsd_oshp-uxews-ux_vaixsolarisup-ux_vasl_ux_4800irixsunosfreebsdn/a
CVE-2021-3843
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_l15_gen_1thinkpad_x380_yogathinkpad_11e_4th_gen_i7_firmwarethinkpad_11e_4th_gen_celeron_firmwarethinkpad_t460_firmwarethinkpad_x260_firmwarethinkpad_x390_yoga_firmwarethinkpad_11e_4th_gen_i3_firmwarethinkpad_l380_firmwarethinkpad_l390thinkpad_11e_4th_gen_celeronthinkpad_l15_gen_1_firmwarethinkpad_11e_4th_gen_i3thinkpad_l14_gen_1thinkpad_l380thinkpad_11e_5th_genthinkpad_x1_fold_gen_1thinkpad_l390_yogathinkpad_11e_3rd_genthinkpad_s2_yoga_gen_6_firmwarethinkpad_x390_yogathinkpad_l15_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_x12_detachable_gen_1thinkpad_11e_5th_gen_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkpad_l13_yoga_gen_2thinkpad_l13_firmwarethinkpad_l380_yogathinkpad_s5_2nd_genthinkpad_l14_gen_1_firmwarethinkpad_x1_fold_gen_1_firmwarethinkpad_l14thinkpad_l13thinkpad_l390_firmwarethinkpad_l13_yoga_gen_2_firmwarethinkpad_l14_firmwarethinkpad_t460thinkpad_l390_yoga_firmwarethinkpad_13_gen_2thinkpad_l15thinkpad_l13_gen_2_firmwarethinkpad_s2_yoga_gen_6thinkpad_x380_yoga_firmwarethinkpad_11e_4th_gen_i7thinkpad_l13_gen_2thinkpad_l380_yoga_firmwarethinkpad_11e_4th_gen_i5thinkpad_s2_gen_6thinkpad_11e_3rd_gen_firmwarethinkpad_x260thinkpad_l13_yogathinkpad_11e_yoga_gen_6_firmwarethinkpad_11e_4th_gen_i5_firmwarethinkpad_s2_gen_6_firmwarethinkpad_11e_yoga_gen_6thinkpad_yoga_370thinkpad_13_gen_2_firmwarethinkpad_l13_yoga_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1223
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-17 Jul, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft Corporation
Product-windowstivoli_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2393
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.63%
||
7 Day CHG~0.00%
Published-11 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-fingerprint_managertouch_fingerprintn/a
CVE-2009-4361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.95%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-16 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found