Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-14915

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-25 Mar, 2026 | 20:12
Updated At-27 Mar, 2026 | 03:55
Rejected At-
Credits

IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:25 Mar, 2026 | 20:12
Updated At:27 Mar, 2026 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)
IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.

Affected Products
Vendor
IBM CorporationIBM
Product
WebSphere Application Server - Liberty
CPEs
  • cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.3:*:*:*:*:*:*:*
Versions
Affected
  • From 17.0.0.3 through 26.0.0.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH70327. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to  How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 .  For IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.3 using the restConnector-1.0 or restConnector-2.0 feature(s):  · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH70327 https://www.ibm.com/support/pages/node/7266844   --OR-- · Apply Liberty Fix Pack 26.0.0.4 or later (targeted availability 2Q2026).  Additional interim fixes may be available and linked off the interim fix download page.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7267345
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7267345
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:25 Mar, 2026 | 21:16
Updated At:30 Mar, 2026 | 16:59

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
IBM Corporation
ibm
>>websphere_application_server>>Versions from 17.0.0.3(inclusive) to 26.0.0.4(exclusive)
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*
Apple Inc.
apple
>>macos>>-
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>aix>>-
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>i>>-
cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>z\/os>>-
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarypsirt@us.ibm.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: psirt@us.ibm.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7267345psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7267345
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2612Records found
CVE-2023-0575
Matching Score-8
Assigner-Yugabyte, Inc.
ShareView Details
Matching Score-8
Assigner-Yugabyte, Inc.
CVSS Score-7.2||HIGH
EPSS-0.50% / 66.23%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 16:12
Updated-24 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0

Action-Not Available
Vendor-yugabyteYugabyteDBMicrosoft CorporationLinux Kernel Organization, IncApple Inc.
Product-iphone_oslinux_kernelwindowsmacosyugabytedbYugabyteDB
CWE ID-CWE-642
External Control of Critical State Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-19161
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.56% / 68.15%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 13:34
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,

CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.

Action-Not Available
Vendor-cymiinstaller322_activex_projectTOBESOFT.CO.LTDMicrosoft Corporation
Product-windows_7windows_8cymiinstaller322_activexwindows_10MIPLATFORM
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-19165
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.24% / 47.80%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 15:02
Updated-16 Sep, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10.

Action-Not Available
Vendor-inogardInogard Co,,LTDMicrosoft Corporation
Product-windows_7windows_8activexwindows_10Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) on Windows 7/8/10
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2019-16647
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.61% / 69.70%
||
7 Day CHG~0.00%
Published-29 Oct, 2019 | 16:04
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.

Action-Not Available
Vendor-maxthonn/aMicrosoft Corporation
Product-maxthon_browserwindowsn/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2025-29793
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-21.93% / 95.78%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-26854
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.6||MEDIUM
EPSS-4.93% / 89.64%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 23:55
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2019 Cumulative Update 8
CVE-2025-26635
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.98% / 76.75%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hello Security Feature Bypass Vulnerability

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_server_2019windows_11_23h2windows_10_1809windows_10_21h2windows_server_2022Windows Server 2022Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2019
CWE ID-CWE-1390
Weak Authentication
CVE-2022-43907
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 29.41%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 22:38
Updated-01 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium command execution

IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43863
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.34% / 57.10%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 21:25
Updated-25 Feb, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM privilege escalation

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-25021
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.46% / 64.34%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 15:17
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite Software and IBM Cloud Pak for Security code injection

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-42845
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-1.45% / 80.84%
||
7 Day CHG+0.11%
Published-15 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-ipadostvoswatchosmacosiphone_osmacOSwatchOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41158
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.2||HIGH
EPSS-5.43% / 90.18%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
eyoom builder Remote Code Execution Vulnerability

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.

Action-Not Available
Vendor-eyoomeyoom Co.,LtdLinux Kernel Organization, Inc
Product-linux_kerneleyoom_buildereyoom builder
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-40139
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.2||HIGH
EPSS-8.91% / 92.59%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 18:01
Updated-31 Oct, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-10-06||Apply updates per vendor instructions.

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsapex_oneTrend Micro Apex OneApex One and Apex One as a Service
CVE-2021-26422
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-4.37% / 88.97%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business and Lync Remote Code Execution Vulnerability

Skype for Business and Lync Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-lync_serverskype_for_business_serverMicrosoft Lync Server 2013 CU10Skype for Business Server 2019 CU5Skype for Business Server 2015 CU11
CVE-2021-26412
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-18.66% / 95.28%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 23:55
Updated-19 Nov, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2019 Cumulative Update 8
CVE-2021-27078
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-23.27% / 95.96%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 23:55
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2019 Cumulative Update 8
CVE-2021-25251
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.2||HIGH
EPSS-0.86% / 75.10%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 22:00
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-antivirus\+_security_2021premium_security_2021premium_security_2020windowsmaximum_security_2021internet_security_2020maximum_security_2020internet_security_2021antivirus\+_security_2020Trend Micro Security (Consumer)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-24053
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 60.67%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 17:25
Updated-13 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dataverse Elevation of Privilege Vulnerability

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dataverseMicrosoft Dataverse
CWE ID-CWE-285
Improper Authorization
CVE-2021-23338
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-6.6||MEDIUM
EPSS-2.85% / 86.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 15:50
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization of Untrusted Data

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-qlibqlib
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-26610
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.16% / 36.54%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 00:45
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
godomall5 remote code execution vulnerability

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.

Action-Not Available
Vendor-nhn-commerceNHN COMMERCEMicrosoft Corporation
Product-windowsgodomall5godomall5 Std, godomall5 Pro
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2021-20385
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.67% / 71.38%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CVE-2021-20022
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-7.2||HIGH
EPSS-20.02% / 95.48%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:50
Updated-10 Nov, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

Action-Not Available
Vendor-Microsoft CorporationSonicWall Inc.
Product-email_security_appliance_7050_firmwareemail_security_appliance_9000email_security_appliance_8300_firmwareemail_securityhosted_email_securityemail_security_appliance_7000email_security_appliance_5000email_security_appliance_3300email_security_appliance_4300_firmwareemail_security_appliance_7000_firmwareemail_security_appliance_7050email_security_appliance_5050_firmwareemail_security_appliance_4300email_security_appliance_8300email_security_appliance_5000_firmwarewindowsemail_security_appliance_9000_firmwareemail_security_virtual_applianceemail_security_appliance_3300_firmwareemail_security_appliance_5050Email SecuritySonicWall Email Security
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-20533
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.37% / 58.96%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 17:16
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813

Action-Not Available
Vendor-IBM CorporationDocker, Inc.
Product-security_verify_accessdockerSecurity Verify Access Docker
CVE-2021-20557
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-1.70% / 82.30%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-3864
Matching Score-8
Assigner-Snow Software
ShareView Details
Matching Score-8
Assigner-Snow Software
CVSS Score-7.2||HIGH
EPSS-0.20% / 41.56%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 11:24
Updated-09 Oct, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in Snow License Manager

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.

Action-Not Available
Vendor-snowsoftwareSnow SoftwaresnowsoftwareMicrosoft Corporation
Product-snow_license_managerwindowsSLMsnow_license_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-20081
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.2||HIGH
EPSS-62.61% / 98.38%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 11:01
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.Microsoft Corporation
Product-manageengine_servicedesk_pluswindowsManageEngine ServiceDesk Plus
CVE-2021-20451
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.07% / 21.97%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 18:16
Updated-07 Jan, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller SQL injection

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controllercognos_controller
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-38003
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:12
Updated-29 May, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 command execution

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CVE-2021-20527
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.23% / 45.69%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 16:20
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.

Action-Not Available
Vendor-IBM Corporation
Product-resilientResilient OnPrem
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-21348
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.80% / 74.05%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Server 2019
CWE ID-CWE-285
Improper Authorization
CVE-2023-36786
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.73% / 72.63%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business Remote Code Execution Vulnerability

Skype for Business Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-skype_for_business_serverSkype for Business Server 2015 CU13Skype for Business Server 2019 CU7
CWE ID-CWE-36
Absolute Path Traversal
CVE-2023-36789
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.73% / 72.61%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business Remote Code Execution Vulnerability

Skype for Business Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-skype_for_business_serverSkype for Business Server 2015 CU13Skype for Business Server 2019 CU7
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-36769
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.16% / 36.97%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 02:52
Updated-31 Jan, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Data file upload

IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftcloud_pak_for_dataCloud Pak for Data
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-35018
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.07% / 21.10%
||
7 Day CHG~0.00%
Published-15 Oct, 2023 | 23:46
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance file upload

IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-0193
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.31% / 54.60%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-in-band_manageabilityIntel(R) In-Band Manageability software
CWE ID-CWE-287
Improper Authentication
CVE-2022-35772
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-1.77% / 82.68%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:58
Updated-29 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Remote Code Execution Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recovery_vmware_to_azureAzure Site Recovery VMWare to Azure
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-34883
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.26% / 79.46%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 06:30
Updated-25 Feb, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Vulnerability in RAID Manager Storage Replication Adapter

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Action-Not Available
Vendor-Microsoft CorporationDocker, Inc.Hitachi, Ltd.
Product-raid_manager_storage_replication_adapterdockerwindowsRAID Manager Storage Replication Adapter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33166
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 23.94%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 02:33
Updated-12 Dec, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Suite VA file upload

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_suite_vaSecurity Directory Suite VA
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-33633
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-6.30% / 90.98%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business and Lync Remote Code Execution Vulnerability

Skype for Business and Lync Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-skype_for_businesslync_serverMicrosoft Lync Server 2013 CU10Skype for Business Server 2015 CU12Skype for Business Server 2019 CU6
CVE-2022-33678
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-6.91% / 91.42%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:38
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Remote Code Execution Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recoveryAzure Site Recovery VMWare to Azure
CVE-2022-33676
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-6.91% / 91.42%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:38
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Remote Code Execution Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recoveryAzure Site Recovery VMWare to Azure
CVE-2022-32752
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 29.98%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 02:57
Updated-12 Dec, 2024 | 21:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Suite VA command execution

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_suite_vaSecurity Directory Suite VA
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-33839
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.15% / 34.99%
||
7 Day CHG~0.00%
Published-23 Oct, 2023 | 19:45
Updated-11 Sep, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance command execution

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governancesecurity_verify_governance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-8602
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.2||HIGH
EPSS-1.68% / 82.23%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 20:35
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsvulnerability_protectiondeep_security_managerTrend Micro Deep SecurityTrend Micro Vulnerability Management
CVE-2022-31665
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.2||HIGH
EPSS-5.56% / 90.30%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:06
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)Microsoft Corporation
Product-linux_kernelidentity_manager_connectorone_accesswindowsidentity_managerVMware Workspace ONE Access, Identity Manager and vRealize Automation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-31659
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.2||HIGH
EPSS-1.73% / 82.49%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:06
Updated-14 Nov, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)Microsoft Corporation
Product-access_connectorlinux_kernelidentity_manager_connectorone_accesswindowsidentity_managerVMware Workspace ONE Access, Identity Manager and vRealize Automation
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31700
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.2||HIGH
EPSS-2.45% / 85.22%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

Action-Not Available
Vendor-n/aMicrosoft CorporationVMware (Broadcom Inc.)
Product-cloud_foundationidentity_manageraccesswindowsVMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)
CVE-2022-30616
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8||HIGH
EPSS-0.40% / 60.86%
||
7 Day CHG~0.00%
Published-31 Jul, 2022 | 17:30
Updated-17 Sep, 2024 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationRobotic Process Automation
CVE-2022-31658
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.2||HIGH
EPSS-3.75% / 88.04%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:07
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)Microsoft Corporation
Product-access_connectorlinux_kernelidentity_manager_connectorone_accesswindowsidentity_managerVMware Workspace ONE Access, Identity Manager and vRealize Automation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-26898
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-7.65% / 91.91%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Remote Code Execution Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recoveryAzure Site Recovery VMWare to Azure
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 52
  • 53
  • Next
Details not found