Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
High
CVE-2023-46604
Disclosure Date: October 27, 2023 (last updated June 28, 2024)
The Java OpenWire protocol marshaller is vulnerable to Remote Code
Execution. This vulnerability may allow a remote attacker with network
access to either a Java-based OpenWire broker or client to run arbitrary
shell commands by manipulating serialized class types in the OpenWire
protocol to cause either the client or the broker (respectively) to
instantiate any class on the classpath.
Users are recommended to upgrade
both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3
which fixes this issue.
11
Attacker Value
High
CVE-2024-23897
Disclosure Date: January 24, 2024 (last updated March 08, 2024)
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
7
Attacker Value
High
CVE-2021-36955
Disclosure Date: September 15, 2021 (last updated November 28, 2024)
Windows Common Log File System Driver Elevation of Privilege Vulnerability
5
Attacker Value
Very High
CVE-2023-46747
Disclosure Date: October 26, 2023 (last updated February 01, 2024)
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
3
Attacker Value
Moderate
CVE-2023-46748
Disclosure Date: October 26, 2023 (last updated February 01, 2024)
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
2