Activity Feed

1

noraj assessed CVE-2021-3723

October 05, 2022 9:20am UTC (1 day ago)•Edited 1 day ago

Ratings

Attacker Value

Very High

Exploitability

Very Low

Gives privileged access Vulnerable in default configuration Authenticated Difficult to weaponize

Technical Analysis

IBM Integrated Management Module (IMM) have some default admin credentials (USERID / PASSW0RD). The default credentials are working on the WebUI as well as on telnet and SSH that are accessible by default. The vulnerability allows to inject system commands. However the big tradeoff is that the exploit is not public.

mkienow-r7 reported CVE-2022-36804 as Exploited in the Wild

September 30, 2022 5:38pm UTC (6 days ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

mkienow-r7 reported CVE-2022-41040 as Exploited in the Wild

September 30, 2022 5:38pm UTC (6 days ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

mkienow-r7 reported CVE-2022-41082 as Exploited in the Wild

September 30, 2022 5:37pm UTC (6 days ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

gwillcox-r7 reported CVE-2022-36804 as Exploited in the Wild

September 30, 2022 2:46pm UTC (6 days ago)

Indicated source as

Threat Feed (https://viz.greynoise.io/query/?gnql=CVE-2022-36804)

gwillcox-r7 reported CVE-2022-41082 as Exploited in the Wild

September 30, 2022 2:34pm UTC (6 days ago)

Indicated source as

Vendor Advisory (https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/)

gwillcox-r7 reported CVE-2022-41040 as Exploited in the Wild

September 30, 2022 2:33pm UTC (6 days ago)

Indicated source as

Vendor Advisory (https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/)

coolbe reported CVE-2022-27255 as Exploited in the Wild

September 29, 2022 6:44am UTC (1 week ago)

Indicated source as

Threat Feed

coolbe reported CVE-2022-36804 as Exploited in the Wild

September 29, 2022 6:39am UTC (1 week ago)

Indicated source as

Vendor Advisory

Dark58254341 reported CVE-2020-11023 as Exploited in the Wild

September 28, 2022 5:09pm UTC (1 week ago)