Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-1673

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-12 Jan, 2021 | 19:42
Updated At-08 Oct, 2024 | 16:17
Rejected At-
Credits

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:12 Jan, 2021 | 19:42
Updated At:08 Oct, 2024 | 16:17
Rejected At:
▼CVE Numbering Authority (CNA)
Remote Procedure Call Runtime Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 20H2
CPEs
  • cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*
Platforms
  • 32-bit Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server version 20H2
CPEs
  • cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1803
CPEs
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
CPEs
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
CPEs
  • cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1909
CPEs
  • cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 1909 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 2004
CPEs
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server version 2004
CPEs
  • cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1507
CPEs
  • cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1607
CPEs
  • cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
CPEs
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7
CPEs
  • cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7 Service Pack 1
CPEs
  • cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 8.1
CPEs
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 6.3.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012
CPEs
  • cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2
CPEs
  • cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.0 before publication (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ARemote Code Execution
Type: Impact
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1673
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1673
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1673
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1673
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:12 Jan, 2021 | 20:15
Updated At:08 Oct, 2024 | 17:15

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>20h2
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1803
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1909
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>2004
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_rt_8.1>>-
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>20h2
cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1909
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>2004
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1673secure@microsoft.com
N/A
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1673
Source: secure@microsoft.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

490Records found
CVE-2022-23272
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-7.21% / 91.23%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:37
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_gpMicrosoft Dynamics GP
CVE-2022-23273
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-3.50% / 87.13%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:37
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_gpMicrosoft Dynamics GP
CVE-2022-23259
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-8.92% / 92.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:02
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.0Microsoft Dynamics 365 (on-premises) version 9.1
CVE-2022-23294
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.20% / 89.55%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Remote Code Execution Vulnerability

Windows Event Tracing Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2019Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1909Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 21H2Windows 10 Version 21H1
CVE-2022-23274
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.56% / 87.25%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:37
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics GP Remote Code Execution Vulnerability

Microsoft Dynamics GP Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_gpMicrosoft Dynamics GP
CVE-2022-23265
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-6.11% / 90.42%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:06
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Remote Code Execution Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CVE-2022-23277
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-78.23% / 98.98%
||
7 Day CHG+2.95%
Published-09 Mar, 2022 | 17:06
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 10Microsoft Exchange Server 2016 Cumulative Update 21Microsoft Exchange Server 2016 Cumulative Update 22
CVE-2022-22013
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-9.99% / 92.75%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-22318
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.54%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 16:25
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwindowscuram_social_program_managementz\/osaixCuram Social Program Management
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-21920
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.09% / 88.12%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-21957
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-6.45% / 90.68%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.0Microsoft Dynamics 365 (on-premises) version 9.1
CVE-2022-22375
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.04% / 9.82%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 01:21
Updated-13 Sep, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Privilege command execution

IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM Corporation
Product-security_verify_privilege_on-premisesmacoswindowsSecurity Verify Privilegesecurity_verify_privilege
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-22014
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-9.99% / 92.75%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-21857
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.53% / 84.86%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Domain Services Elevation of Privilege Vulnerability

Active Directory Domain Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-22005
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-8.25% / 91.89%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2013 Service Pack 1
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-21922
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.09% / 88.12%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2020-0688
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-94.35% / 99.95%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:22
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 15Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30Microsoft Exchange Server 2019 Cumulative Update 4Microsoft Exchange Server 2016 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 3Microsoft Exchange Server 2013Exchange Server
CWE ID-CWE-287
Improper Authentication
CVE-2020-0932
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-28.47% / 96.35%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0929
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.37%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0971
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.50% / 95.62%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-21984
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-6.41% / 90.66%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DNS Server Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_10Windows Server 2022Windows 10 Version 21H2Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2020-0920
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.37%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0662
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-34.80% / 96.88%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:22
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows Server, version 1909 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for x64-based Systems
CVE-2020-0931
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.37%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverbusiness_productivity_serverssharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft Business Productivity ServersMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0718
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-10.55% / 92.97%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account</p> <p>To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server.</p> <p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2008Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2020-0761
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-10.55% / 92.97%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-01 Oct, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account</p> <p>To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server.</p> <p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2008Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2020-1023
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-28.87% / 96.39%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-21837
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-9.59% / 92.56%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server Subscription Edition
CVE-2020-1024
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-28.87% / 96.39%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0618
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-94.25% / 99.92%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:22
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-09||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_serverMicrosoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)Microsoft SQL ServerMicrosoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)SQL Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-5528
Matching Score-8
Assigner-Kubernetes
ShareView Details
Matching Score-8
Assigner-Kubernetes
CVSS Score-7.2||HIGH
EPSS-21.08% / 95.44%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 20:32
Updated-03 Jan, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Action-Not Available
Vendor-Fedora ProjectKubernetesMicrosoft Corporation
Product-kuberneteswindowsfedorakubelet
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0974
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.37%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-22394
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-5.33% / 89.67%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 16:20
Updated-16 Sep, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protectwindowslinux_kernelSpectrum Protect Server
CVE-2023-4996
Matching Score-8
Assigner-Netskope
ShareView Details
Matching Score-8
Assigner-Netskope
CVSS Score-6.6||MEDIUM
EPSS-0.07% / 22.50%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 10:16
Updated-05 Sep, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. 

Action-Not Available
Vendor-netskopeNetskopeMicrosoft Corporation
Product-windowsnetskopeNetskope Client
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2025-29814
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-7.57% / 91.46%
||
7 Day CHG+0.27%
Published-21 Mar, 2025 | 00:29
Updated-03 Jul, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Partner Center Elevation of Privilege Vulnerability

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-partner_centerMicrosoft Partner Center
CWE ID-CWE-20
Improper Input Validation
CVE-2025-29827
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.13% / 33.14%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 22:17
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Automation Elevation of Privilege Vulnerability

Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_automationAzure Automation
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-29794
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-09 Jul, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-285
Improper Authorization
CVE-2025-30390
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.10% / 27.38%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:14
Updated-04 Jun, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure ML Compute Elevation of Privilege Vulnerability

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-285
Improper Authorization
CVE-2023-47706
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.04% / 12.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:59
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager file upload

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-4728
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-18.36% / 94.98%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 15:10
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-4759
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-1.21% / 78.14%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:12
Updated-07 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationEclipse Foundation AISBL
Product-jgitwindowsmacosEclipse JGitjgit
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2025-29826
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.06% / 19.14%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dataverse Elevation of Privilege Vulnerability

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dataverseMicrosoft Dataverse
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2025-29807
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-1.31% / 79.03%
||
7 Day CHG+0.57%
Published-21 Mar, 2025 | 00:29
Updated-03 Jul, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dataverse Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dataverseMicrosoft Dataverse
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-4551
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.2||HIGH
EPSS-0.12% / 32.18%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 20:56
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection via Task Scheduler

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2.

Action-Not Available
Vendor-Open Text CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-appbuilderwindowslinux_kernelAppBuilderappbuilder
CWE ID-CWE-20
Improper Input Validation
CVE-2025-27740
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.82% / 73.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-10 Jul, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Certificate Services Elevation of Privilege Vulnerability

Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2012windows_server_2008windows_server_2022windows_server_2025windows_server_2016windows_server_2019Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2025Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019
CWE ID-CWE-1390
Weak Authentication
CVE-2025-26647
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 45.04%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-10 Jul, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2012windows_server_2008windows_server_2022windows_server_2025windows_server_2016windows_server_2019Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2025Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21416
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:14
Updated-04 Jun, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Virtual Desktop Elevation of Privilege Vulnerability

Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_virtual_desktopAzure Virtual Desktop
CWE ID-CWE-862
Missing Authorization
CVE-2025-21369
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.33%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-12 Mar, 2025 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Digest Authentication Remote Code Execution Vulnerability

Microsoft Digest Authentication Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 1507Windows 11 version 22H2Windows 10 Version 1607Windows Server 2022Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2016Windows Server 2012 R2Windows 11 version 22H3Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-40683
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 4.77%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 00:54
Updated-30 May, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages with Watson privilege escalation

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-openpages_with_watsonwindowslinux_kernelOpenPages with Watson
CWE ID-CWE-285
Improper Authorization
CVE-2024-7023
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8||HIGH
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 22:39
Updated-02 Jan, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChromechrome
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 9
  • 10
  • Next
Details not found