Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
High

CVE-2023-46604

Disclosure Date: October 27, 2023 (last updated June 28, 2024)
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Attacker Value
High

CVE-2024-23897

Disclosure Date: January 24, 2024 (last updated March 08, 2024)
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Attacker Value
High

CVE-2021-36955

Disclosure Date: September 15, 2021 (last updated November 28, 2024)
Windows Common Log File System Driver Elevation of Privilege Vulnerability
5
Attacker Value
Very High

CVE-2023-46747

Disclosure Date: October 26, 2023 (last updated February 01, 2024)
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Attacker Value
Moderate

CVE-2023-46748

Disclosure Date: October 26, 2023 (last updated February 01, 2024)
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated