Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-44235

Summary
Assigner-sap
Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd
Published At-14 Dec, 2021 | 15:44
Updated At-04 Aug, 2024 | 04:17
Rejected At-
Credits

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sap
Assigner Org ID:e4686d1a-f260-4930-ac4c-2f5c992778dd
Published At:14 Dec, 2021 | 15:44
Updated At:04 Aug, 2024 | 04:17
Rejected At:
▼CVE Numbering Authority (CNA)

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.

Affected Products
Vendor
SAP SESAP SE
Product
SAP NetWeaver AS ABAP
Versions
Affected
  • < 700
  • < 701
  • < 702
  • < 710
  • < 711
  • < 730
  • < 731
  • < 740
  • < 750
  • < 751
  • < 752
  • < 753
  • < 754
  • < 755
  • < 756
Problem Types
TypeCWE IDDescription
textN/ACode Injection
Type: text
CWE ID: N/A
Description: Code Injection
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3123196
x_refsource_MISC
Hyperlink: https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Resource:
x_refsource_MISC
Hyperlink: https://launchpad.support.sap.com/#/notes/3123196
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
x_refsource_MISC
x_transferred
https://launchpad.support.sap.com/#/notes/3123196
x_refsource_MISC
x_transferred
Hyperlink: https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://launchpad.support.sap.com/#/notes/3123196
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@sap.com
Published At:14 Dec, 2021 | 16:15
Updated At:06 Oct, 2022 | 15:09

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

SAP SE
sap
>>netweaver_application_server_abap>>700
cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>701
cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>702
cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>710
cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>711
cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>730
cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>731
cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>740
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>750
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>751
cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>752
cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>753
cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>754
cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>755
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
SAP SE
sap
>>netweaver_application_server_abap>>756
cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://launchpad.support.sap.com/#/notes/3123196cna@sap.com
Permissions Required
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021cna@sap.com
Vendor Advisory
Hyperlink: https://launchpad.support.sap.com/#/notes/3123196
Source: cna@sap.com
Resource:
Permissions Required
Hyperlink: https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Source: cna@sap.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

326Records found

CVE-2022-24396
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.62%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.

Action-Not Available
Vendor-SAP SE
Product-simple_diagnostics_agentSAP Focused Run (Simple Diagnostics Agent)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-31594
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 13.71%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 18:44
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system.

Action-Not Available
Vendor-SAP SE
Product-adaptive_server_enterpriseSAP Adaptive Server Enterprise (ASE)
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-0357
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.7||MEDIUM
EPSS-0.39% / 31.18%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 16:48
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.

Action-Not Available
Vendor-SAP SE
Product-hanaSAP HANA
CVE-2002-1576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.90% / 55.36%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.

Action-Not Available
Vendor-n/aSAP SE
Product-sap_dbn/a
CVE-2003-1033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 26.93%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.

Action-Not Available
Vendor-n/aSAP SE
Product-sap_dbn/a
CVE-2003-0938
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.43% / 34.75%
||
7 Day CHG~0.00%
Published-21 Nov, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

Action-Not Available
Vendor-n/aSAP SE
Product-sap_dbn/a
CVE-2001-0366
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.56% / 42.32%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.

Action-Not Available
Vendor-n/aSAP SE
Product-saposcolsap_r_3_web_application_server_demon/a
CVE-2021-27611
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-8.2||HIGH
EPSS-0.27% / 18.57%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 14:19
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_abapSAP NetWeaver AS ABAP
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-3449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.53% / 40.77%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.

Action-Not Available
Vendor-n/aSAP SE
Product-afarian/a
CVE-2015-6507
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.47% / 37.66%
||
7 Day CHG~0.00%
Published-15 Oct, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8660
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.44% / 35.60%
||
7 Day CHG~0.00%
Published-06 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.

Action-Not Available
Vendor-n/aSAP SE
Product-document_management_servicesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-0012
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 9.59%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 02:44
Updated-09 Apr, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in SAP Host Agent (Windows)

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.

Action-Not Available
Vendor-Microsoft CorporationSAP SE
Product-windowshost_agentHost Agent (Windows)
CWE ID-CWE-284
Improper Access Control
CVE-2022-31590
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.40%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 18:39
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.

Action-Not Available
Vendor-SAP SE
Product-powerdesigner_proxySAP PowerDesigner Proxy 16.7
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-27616
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-7.8||HIGH
EPSS-0.27% / 18.38%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 14:19
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-business-one-hana-chef-cookbookbusiness_oneSAP Business One, version for SAP HANA (Cookbooks)
CVE-2020-6245
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 25.48%
||
7 Day CHG~0.00%
Published-12 May, 2020 | 17:49
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligence_platformSAP Business Objects Business Intelligence Platform
CWE ID-CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-22132
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.4||HIGH
EPSS-0.49% / 38.58%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 02:33
Updated-24 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection vulnerability in SAP IDES Systems

SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.

Action-Not Available
Vendor-SAP SE
Product-ides_eccSAP IDES Systems
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-0328
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.2||HIGH
EPSS-3.42% / 87.45%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 19:10
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.

Action-Not Available
Vendor-SAP SE
Product-netweaver_process_integrationSAP NetWeaver Process Integration ABAP tests (SAP Basis)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-25617
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-9||CRITICAL
EPSS-0.93% / 56.12%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 04:42
Updated-27 Feb, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.

Action-Not Available
Vendor-SAP SE
Product-business_objects_business_intelligence_platformBusiness Objects (Adaptive Job Server)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-37531
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-9.9||CRITICAL
EPSS-3.05% / 85.97%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 11:15
Updated-04 Aug, 2024 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.

Action-Not Available
Vendor-SAP SE
Product-netweaver_knowledge_management_xml_formsSAP NetWeaver Knowledge Management XML Forms
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-6147
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.54% / 90.40%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

Action-Not Available
Vendor-n/aSAP SE
Product-trexn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-42892
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 53.18%
||
7 Day CHG-0.05%
Published-11 Nov, 2025 | 00:17
Updated-16 Jan, 2026 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection vulnerability in SAP Business Connector

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

Action-Not Available
Vendor-SAP SE
Product-business_connectorSAP Business Connector
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-6364
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-10||CRITICAL
EPSS-6.41% / 92.84%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 01:55
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.

Action-Not Available
Vendor-SAP SE
Product-introscope_enterprise_managerSAP Solution Manager (CA Introscope Enterprise Manager) and SAP Focused Run (CA Introscope Enterprise Manager)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-26838
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-9.1||CRITICAL
EPSS-2.15% / 79.92%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 16:31
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.

Action-Not Available
Vendor-SAP SE
Product-business_warehousebw\/4hanaSAP BW4HANASAP Business Warehouse
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-36922
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-9.1||CRITICAL
EPSS-0.70% / 48.64%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 02:56
Updated-02 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.  On successful exploitation, the attacker can read or modify the system data as well as shut down the system.

Action-Not Available
Vendor-SAP SE
Product-netweaverSAP ECC and SAP S/4HANA (IS-OIL)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1699
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.66% / 47.19%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 15:55
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Threat Defense (FTD) Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1709
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.68% / 47.72%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:10
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerfirepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1612
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.47% / 37.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-21 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_9000nexus_9500nx-osnexus_3000nexus_3600Nexus 3600 Platform SwitchesNexus 9000 Series Switches in Standalone NX-OS ModeNexus 3500 Platform SwitchesNexus 3000 Series SwitchesNexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.12% / 62.28%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 15:30
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.

Action-Not Available
Vendor-alcatelmobilen/a
Product-cingular_flip_2cingular_flip_2_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1623
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.51% / 39.56%
||
7 Day CHG~0.00%
Published-20 Jun, 2019 | 02:40
Updated-20 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Meeting Server CLI Command Injection Vulnerability

A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meeting_serverCisco Meeting Server
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-21583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.52% / 40.37%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-20 Dec, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-util-linuxn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-54483
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.48% / 38.09%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:34
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-49813
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.49% / 38.70%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 14:18
Updated-03 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-4075
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.45% / 36.08%
||
7 Day CHG~0.00%
Published-05 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nx-osn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43948
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 45.62%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 16:06
Updated-23 Oct, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebfortiadcFortiADCFortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-1.56% / 72.18%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 13:59
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials.

Action-Not Available
Vendor-spirentn/a
Product-avalanchetestcenterc100-mpn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-17148
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 23:05
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. Was ZDI-CAN-8685.

Action-Not Available
Vendor-Parallels International Gmbh
Product-parallels_desktopDesktop
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-35844
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.29% / 21.25%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-25 Oct, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1727
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.55% / 42.05%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:45
Updated-21 Nov, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_3100vmds_9500mds_9000nexus_9200nexus_5600nx-osnexus_3200mds_9700nexus_6000nexus_5500nexus_3400nexus_3100nexus_9000mds_9100nexus_9500nexus_3548-xnexus_3100-znexus_7000nexus_3524-xlnexus_9300nexus_3548-xlnexus_3000nexus_3600mds_9200nexus_7700nexus_3524-xCisco NX-OS Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34437
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.46% / 36.39%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-58257
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.7||MEDIUM
EPSS-0.36% / 27.79%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 03:15
Updated-08 Dec, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-enzoh-w5611tenzoh-w5611t_firmwareEnzoH-W5611T
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-56497
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.29%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:09
Updated-03 Feb, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortirecorderfortimailFortiMailFortiRecorder
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-54025
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 34.06%
||
7 Day CHG-0.01%
Published-08 Apr, 2025 | 14:02
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiisolatorFortiIsolator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15277
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-20 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and sending malicious traffic to a listener who is internal to the device. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpointCisco TelePresence TC Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-29256
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 28.99%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 21:20
Updated-23 Apr, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build environment then they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5.

Action-Not Available
Vendor-sharp_projectlovell
Product-sharpsharp
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15275
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.45% / 35.68%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-20 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpointCisco TelePresence TC Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-26532
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.8||HIGH
EPSS-4.79% / 90.85%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 05:20
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_60w_firmwarenwa210ax_firmwarewac6502d-e_firmwareatp100atp800_firmwareusg_2200-vpn_firmwareusg_flex_100atp100w_firmwarenwa1302-ac_firmwarenap303_firmwarenxc2500nsg300nwa1123-ac-pro_firmwarenwa110ax_firmwareusg300_firmwarewax510d_firmwareusg200usg_40wnwa90ax_firmwarensg100atp500_firmwareusg_20w-vpn_firmwarewac6502d-eatp800nap203_firmwarevpn50usg310wac6103d-iusg_40w_firmwarewac5302d-sv2nwa1123-ac-prowac6502d-s_firmwarewac6552d-swac5302d-sv2_firmwarenap203wax650susg2200wax610d_firmwareatp200_firmwarenwa55axe_firmwarewac500hnsg300_firmwareatp100_firmwareusg_flex_500_firmwarenwa50axwax610dnsg100_firmwareusg200_firmwarewac6552d-s_firmwarevpn300usg_flex_100wwac500usg_110_firmwareatp700_firmwareusg_60wusg210nap353nsg50wax650s_firmwareusg_110usg_1900_firmwareatp500wac6103d-i_firmwarenwa1123acv3_firmwareusg_40vpn300_firmwarewax630snwa5123-ac-hd_firmwarenwa50ax_firmwareusg_1900wac500h_firmwarenwa1123-ac-hdusg_flex_100w_firmwarenap303usg_2200-vpnvpn50_firmwareatp200atp700usg_20wusg_20w-vpnnwa1302-acvpn1000_firmwarewac6553d-swac5302d-s_firmwarewac5302d-snwa110axusg_flex_500usg310_firmwareusg20usg_310vpn100usg_1100usg_310_firmwarensg50_firmwarewac6303d-s_firmwarewac6553d-s_firmwareusg_flex_200nwa210axusg_40_firmwareatp100wusg_flex_200_firmwarenxc5500usg210_firmwareusg_20w_firmwarenwa1123acv3usg300vpn100_firmwareusg_flex_700usg_60_firmwarenwa1123-ac-hd_firmwareusg2200_firmwarenwa55axenap353_firmwarewax630s_firmwarewac6503d-s_firmwarewac500_firmwareusg_60usg20_firmwarewac6303d-snwa5123-ac-hdusg_flex_100_firmwarenxc5500_firmwarewac6503d-snwa90axwax510dnxc2500_firmwarewac6502d-susg_flex_700_firmwarevpn1000usg_1100_firmwareATP series firmwareWAC500 firmwareNSG series firmwareVPN series firmwareNXC2500 firmwareNWA50AX firmwareUSG FLEX series firmwareUSG/ZyWALL series firmwareWAX510D firmwareNAP203 firmware
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-26868
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.40% / 32.17%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 30.68%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:24
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.

Action-Not Available
Vendor-n/aTECNO MOBILE LIMITED
Product-camon_iclickcamon_iclick_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-25328
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-5||MEDIUM
EPSS-0.20% / 9.91%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 11:00
Updated-21 Apr, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation through command injection in fscrypt

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above

Action-Not Available
Vendor-Google LLC
Product-fscryptfscrypt
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2009-3233
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.95% / 57.00%
||
7 Day CHG~0.00%
Published-17 Sep, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.

Action-Not Available
Vendor-cameron_morlandn/a
Product-changetrackn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found