#ExploitObserverAlert
CVE-2016-1487
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-1487. Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
FIRST-EPSS: 0.004110000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-3415
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-3415. Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
FIRST-EPSS: 0.003340000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50863
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50863. Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-9844
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-9844. SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
FIRST-EPSS: 0.010180000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-46835
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-46835. The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks.
#ExploitObserverAlert
CVE-2015-6555
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2015-6555. Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
FIRST-EPSS: 0.003130000
NVD-IS: 10.0
NVD-ES: 6.8
#ExploitObserverAlert
CVE-2020-4449
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-4449. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.
FIRST-EPSS: 0.011230000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-7253
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2015-7253. The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.
FIRST-EPSS: 0.004100000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2017-11283
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2017-11283. Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
FIRST-EPSS: 0.515630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-11247
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-11247. The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.
FIRST-EPSS: 0.006980000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-16891
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-16891. Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
FIRST-EPSS: 0.012890000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-12628
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2017-12628. The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-24164
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-24164. A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.
FIRST-EPSS: 0.000650000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
GHSA-3px7-jm2p-6h2c
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-3PX7-JM2P-6H2C. The length of URIs and the various parts (eg path segments, query parameters) is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are :
GHSS: 7.5
#ExploitObserverAlert
CVE-2023-49658
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49658. Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-4372
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-4372. HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
FIRST-EPSS: 0.039390000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-31474
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-31474. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.
FIRST-EPSS: 0.733420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-1998
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2016-1998. HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
FIRST-EPSS: 0.003240000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-15692
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2017-15692. In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
FIRST-EPSS: 0.014260000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-7727
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-7727. In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable.
FIRST-EPSS: 0.026030000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6944
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6944. A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.