Vx Security Vulnerabilities
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....
7.1CVSS
6.1AI Score
0.0004EPSS
An authenticated XCC user can change permissions for any user through a crafted API...
8.8CVSS
8.4AI Score
0.001EPSS
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to...
6.3CVSS
6.4AI Score
0.0004EPSS
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web...
7.5CVSS
7.5AI Score
0.0005EPSS
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface...
8.8CVSS
8.3AI Score
0.001EPSS
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API...
8.8CVSS
8.5AI Score
0.001EPSS
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not...
5.9CVSS
5.7AI Score
0.001EPSS
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is...
4.9CVSS
5.1AI Score
0.001EPSS
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then...
8.8CVSS
8.3AI Score
0.001EPSS
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only...
6.5CVSS
6.4AI Score
0.0005EPSS
VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable...
7.8CVSS
8.5AI Score
0.0004EPSS
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary...
6.7CVSS
6.9AI Score
0.0004EPSS
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM...
4.4CVSS
4.4AI Score
0.0004EPSS
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in...
4.3CVSS
4.6AI Score
0.001EPSS
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of...
7.2CVSS
6.5AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.9AI Score
0.001EPSS
The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID...
6.9AI Score
0.003EPSS
A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1)...
7.8CVSS
7.5AI Score
0.0004EPSS
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not...
9.8CVSS
9.8AI Score
0.002EPSS
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not...
9.8CVSS
9.8AI Score
0.002EPSS
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically...
4.9CVSS
5.2AI Score
0.001EPSS
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish.....
6.8CVSS
7.2AI Score
0.001EPSS
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...
6.8CVSS
6.5AI Score
0.002EPSS
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write...
6.8CVSS
6.4AI Score
0.001EPSS
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
4.9CVSS
5AI Score
0.001EPSS
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted...
6CVSS
5.1AI Score
0.001EPSS
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted...
6CVSS
5.1AI Score
0.001EPSS
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local...
4.8CVSS
5.1AI Score
0.001EPSS
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root...
7.5CVSS
8AI Score
0.001EPSS
In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow...
8.1CVSS
7.9AI Score
0.002EPSS
In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer...
8.1CVSS
8.1AI Score
0.003EPSS
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site...
6.1CVSS
6.6AI Score
0.001EPSS
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other...
8.1CVSS
7.9AI Score
0.002EPSS
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer...
8.1CVSS
8.1AI Score
0.001EPSS
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be...
6.5CVSS
7AI Score
0.001EPSS
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command...
7.5CVSS
8AI Score
0.001EPSS
In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication...
5.9CVSS
6.7AI Score
0.002EPSS
6.1CVSS
5.9AI Score
0.001EPSS
In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port...
7.5CVSS
7.3AI Score
0.014EPSS
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary...
9.8CVSS
9.9AI Score
0.071EPSS
Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET...
9.8CVSS
9.6AI Score
0.047EPSS
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative...
7.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id...
5.8AI Score
0.002EPSS
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to...
7.2AI Score
0.022EPSS
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to...
7.5AI Score
0.05EPSS