Show filters
1,202 Total Results
Displaying 191-200 of 1,202
Sort by:
Attacker Value
Unknown

CVE-2021-39031

Disclosure Date: January 24, 2022 (last updated February 23, 2025)
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875.
Attacker Value
Unknown

CVE-2022-22310

Disclosure Date: January 18, 2022 (last updated October 07, 2023)
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.
Attacker Value
Unknown

CVE-2021-42067

Disclosure Date: January 14, 2022 (last updated October 07, 2023)
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
Attacker Value
Unknown

CVE-2021-45105

Disclosure Date: December 18, 2021 (last updated February 23, 2025)
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Attacker Value
Unknown

CVE-2020-8968

Disclosure Date: December 17, 2021 (last updated February 23, 2025)
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
Attacker Value
Unknown

CVE-2021-44235

Disclosure Date: December 14, 2021 (last updated February 23, 2025)
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.
Attacker Value
Unknown

CVE-2021-44231

Disclosure Date: December 14, 2021 (last updated February 23, 2025)
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Attacker Value
Unknown

CVE-2021-38951

Disclosure Date: December 08, 2021 (last updated October 07, 2023)
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.
Attacker Value
Unknown

CVE-2002-20001

Disclosure Date: November 11, 2021 (last updated February 23, 2025)
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Attacker Value
Unknown

CVE-2021-40504

Disclosure Date: November 10, 2021 (last updated February 23, 2025)
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.