Show filters
1,202 Total Results
Displaying 191-200 of 1,202
Sort by:
Attacker Value
Unknown
CVE-2021-39031
Disclosure Date: January 24, 2022 (last updated February 23, 2025)
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875.
0
Attacker Value
Unknown
CVE-2022-22310
Disclosure Date: January 18, 2022 (last updated October 07, 2023)
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.
0
Attacker Value
Unknown
CVE-2021-42067
Disclosure Date: January 14, 2022 (last updated October 07, 2023)
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
0
Attacker Value
Unknown
CVE-2021-45105
Disclosure Date: December 18, 2021 (last updated February 23, 2025)
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
0
Attacker Value
Unknown
CVE-2020-8968
Disclosure Date: December 17, 2021 (last updated February 23, 2025)
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
0
Attacker Value
Unknown
CVE-2021-44235
Disclosure Date: December 14, 2021 (last updated February 23, 2025)
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.
0
Attacker Value
Unknown
CVE-2021-44231
Disclosure Date: December 14, 2021 (last updated February 23, 2025)
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
0
Attacker Value
Unknown
CVE-2021-38951
Disclosure Date: December 08, 2021 (last updated October 07, 2023)
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.
0
Attacker Value
Unknown
CVE-2002-20001
Disclosure Date: November 11, 2021 (last updated February 23, 2025)
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
0
Attacker Value
Unknown
CVE-2021-40504
Disclosure Date: November 10, 2021 (last updated February 23, 2025)
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.
0