Vulnerability Details :

CVE-2026-45087

Summary
Assigner: GitHub_M
Assigner Org ID: a0819718-46f1-4df5-94e2-005712e83aaa
Published At: 27 May, 2026 | 17:34
Updated At: 28 May, 2026 | 13:58

Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options — including FoundAction and FoundActionShell — is deserialized directly from attacker-supplied JSON in POST /scan, and because dalfox.Initialize explicitly propagates those two fields into the final scan options without stripping them, any unauthenticated caller who can reach the server port can supply an arbitrary shell command that the dalfox process will execute on the host whenever a scan finding is triggered. This vulnerability is fixed in 2.13.0.

Common Vulnerabilities and Exposures (CVE): cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor: hahwul
Product: dalfox
Versions affected:
  • < 2.13.0
Problem Types
  • CWE-15: External Control of System or Configuration Setting
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE-306: Missing Authentication for Critical Function
Metrics
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References
  • https://github.com/hahwul/dalfox/security/advisories/GHSA-v25v-m36w-jp4h (x_refsource_CONFIRM)
  • https://github.com/hahwul/dalfox/releases/tag/v2.13.0 (x_refsource_MISC)

Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
References
  • https://github.com/hahwul/dalfox/security/advisories/GHSA-v25v-m36w-jp4h (exploit)

National Vulnerability Database (NVD): nvd.nist.gov
Source: security-advisories@github.com
Published At: 27 May, 2026 | 18:16
Updated At: 28 May, 2026 | 14:16

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses
  • CWE-15 (Type: Secondary, Source: security-advisories@github.com)
  • CWE-78 (Type: Secondary, Source: security-advisories@github.com)
  • CWE-306 (Type: Secondary, Source: security-advisories@github.com)
References
  • https://github.com/hahwul/dalfox/releases/tag/v2.13.0 (Source: security-advisories@github.com, Resource: N/A)
  • https://github.com/hahwul/dalfox/security/advisories/GHSA-v25v-m36w-jp4h (Source: security-advisories@github.com, Resource: N/A)
  • https://github.com/hahwul/dalfox/security/advisories/GHSA-v25v-m36w-jp4h (Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0, Resource: N/A)


Similar CVEs

110 records found

CVE-2023-4699
Matching Score: 4
Assigner: Mitsubishi Electric Corporation
CVSS Score: 10 (CRITICAL)
EPSS: 1.31% / 80.10%
7 Day CHG: ~0.00%
Published: 06 Nov, 2023 | 05:02
Updated: 16 Dec, 2025 | 18:23
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclosure of or tampering with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.

Action: Not Available
Vendor: Mitsubishi Electric Corporation
CWE-306: Missing Authentication for Critical Function
CWE-345: Insufficient Verification of Data Authenticity

CVE-2024-23108
Matching Score: 4
Assigner: Fortinet, Inc.
CVSS Score: 9.7 (CRITICAL)
EPSS: 90.39% / 99.62%
7 Day CHG: ~0.00%
Published: 05 Feb, 2024 | 13:26
Updated: 19 May, 2026 | 16:31
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized code or commands via crafted API requests.

Action: Not Available
Vendor: Fortinet, Inc.
Product: fortisiem, FortiSIEM
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-2013
Matching Score: 4
Assigner: Hitachi Energy
CVSS Score: 10 (CRITICAL)
EPSS: 0.09% / 25.30%
7 Day CHG: ~0.00%
Published: 11 Jun, 2024 | 13:14
Updated: 15 Aug, 2024 | 21:08
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.

Action: Not Available
Vendor: Hitachi Energy Ltd.
Product: foxman-un, unem, FOXMAN-UN, UNEM
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CWE-306: Missing Authentication for Critical Function

CVE-2023-3572
Matching Score: 4
Assigner: CERT@VDE
CVSS Score: 10 (CRITICAL)
EPSS: 0.89% / 75.82%
7 Day CHG: ~0.00%
Published: 08 Aug, 2023 | 06:52
Updated: 15 Oct, 2024 | 19:18
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device.

Action: Not Available
Vendor: Phoenix Contact GmbH & Co. KG
Product: wp_6185-whps, wp_6070-wvps, wp_6121-wxps_firmware, wp_6156-whps_firmware, wp_6185-whps_firmware, wp_6101-wxps, wp_6121-wxps, wp_6156-whps, wp_6215-whps, wp_6215-whps_firmware, wp_6070-wvps_firmware, wp_6101-wxps_firmware, WP 6101-WXPS, WP 6156-WHPS, WP 6070-WVPS, WP 6185-WHPS, WP 6215-WHPS, WP 6121-WXPS
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-4202
Matching Score: 4
Assigner: IBM Corporation
CVSS Score: 10 (CRITICAL)
EPSS: 3.22% / 87.27%
7 Day CHG: ~0.00%
Published: 15 Apr, 2019 | 14:55
Updated: 17 Sep, 2024 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.

Action: Not Available
Vendor: IBM Corporation
Product: api_connect, API Connect
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-41918
Matching Score: 4
Assigner: National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score: 10 (CRITICAL)
EPSS: 0.28% / 51.82%
7 Day CHG: ~0.00%
Published: 02 Jul, 2024 | 07:42
Updated: 15 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Missing Authentication for Critical Function in Kiloview P1/P2 devices

A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to execute commands without authentication, potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code.

Action: Not Available
Vendor: Kiloview, kiloview
Product: P1/P2, p2_4g_video_encoder_firmware, p1_4g_video_encoder_firmware
CWE-306: Missing Authentication for Critical Function

CVE-2023-42770
Matching Score: 4
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score: 10 (CRITICAL)
EPSS: 0.16% / 36.27%
7 Day CHG: ~0.00%
Published: 21 Nov, 2023 | 00:14
Updated: 11 Jun, 2025 | 14:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel

In Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP, the RTU will simply accept the message with no authentication challenge.

Action: Not Available
Vendor: redlioncontrols, Red Lion Controls
Product: vt-ipm2m-113-d_firmware, vt-mipm-245-d_firmware, vt-ipm2m-213-d, vt-mipm-135-d_firmware, vt-mipm-135-d, st-ipm-6350, st-ipm-6350_firmware, st-ipm-8460_firmware, vt-mipm-245-d, vt-ipm2m-213-d_firmware, st-ipm-8460, vt-ipm2m-113-d, VT-mIPm-135-D, VT-IPm2m-213-D, ST-IPm-8460, ST-IPm-6350, VT-IPm2m-113-D, VT-mIPm-245-D
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CWE-306: Missing Authentication for Critical Function

CVE-2023-3939
Matching Score: 4
Assigner: Kaspersky
CVSS Score: 10 (CRITICAL)
EPSS: 1.01% / 77.35%
7 Day CHG: ~0.00%
Published: 21 May, 2024 | 09:45
Updated: 15 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Multiple command injection in ZkTeco-based OEM devices

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed as the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 firmware and possibly others.

Action: Not Available
Vendor: ZKTeco Co., Ltd.
Product: ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, smartec_st_fr041me, smartec_st_fr043, facedepot_7b
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-37903
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 9.8 (CRITICAL)
EPSS: 36.36% / 97.19%
7 Day CHG: -0.57%
Published: 21 Jul, 2023 | 19:42
Updated: 03 Nov, 2025 | 22:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Sandbox Escape in vm2

vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.

Action: Not Available
Vendor: vm2_project, patriksimek
Product: vm2
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-26829
Matching Score: 4
Assigner: SAP SE
CVSS Score: 10 (CRITICAL)
EPSS: 3.95% / 88.54%
7 Day CHG: ~0.00%
Published: 09 Dec, 2020 | 16:28
Updated: 04 Aug, 2024 | 16:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely.

Action: Not Available
Vendor: SAP SE
Product: netweaver_application_server_java, SAP NetWeaver AS JAVA (P2P Cluster Communication)
CWE-306: Missing Authentication for Critical Function