「出典」の8つのHigh Vulnerabilitiesについて、次の様式で記載します。
◆Primary Vendor -- Product
Description
Published
CVSS Score, Source & Patch Info
◆codesys -- gateway
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
CODESYS Gateway Server V2.3.9.38以前のバージョンでは、指定されたパスワードの一部のみが実際のCODESYS Gatewayのパスワードと比較されます。攻撃者は、長い本物のCODESYS Gatewayのパスワードの該当部分と一致する小さなパスワードを指定することで認証を行うことができます。
Published: 2022/6/24
CVSS Score: 7.5 , CVE-2022-31802 , CONFIRM
◆ibm -- cognos_analytics
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 には、不適切なコンテンツの検証により、リモートの攻撃者が任意のファイルをアップロードする可能性があります。IBM X-Force ID: 211238.
Published: 2022/6/24
CVSS Score: 7.5 , CVE-2021-38945 , CONFIRM , XF
◆illumina -- local_run_manager
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
LRM は、昇格した特権を使用します。認証されていない悪意のある行為者は、オペレーティングシステムレベルでリモートでコードをアップロードして実行することができ、攻撃者は、影響を受けるプロデューサー上の設定、構成、ソフトウェアを変更したり、機密データにアクセスしたりすることが可能になる可能性があります。また、この脆弱性を利用して、一般的な利用を想定していないAPIにアクセスし、ネットワーク経由でやり取りを行うことも可能です。
Published: 2022/6/24
CVSS Score: 10 , CVE-2022-1517 , MISC
◆illumina -- local_run_manager
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
Published: 2022/6/24
CVSS Score: 10 , CVE-2022-1519 , MISC
◆illumina -- local_run_manager
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
Published: 2022/6/24
CVSS Score: 7.5 , CVE-2022-1518 , MISC
◆melag -- ftp_server
When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.
Published: 2022/6/24
CVSS Score: 9 , CVE-2021-41635 , MISC
◆online_student_rate_system_project -- online_student_rate_system
A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated.
Published: 2022/6/24
CVSS Score: 7.5 , CVE-2021-39409 , MISC
◆simple_ads_manager_project -- simple_ads_manager
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.
Published: 2022/6/24
CVSS Score: 7.5 , CVE-2017-20095 , MISC , MISC
出典
Bulletin (SB22-185)
Vulnerability Summary for the Week of June 27, 2022
No comments:
Post a Comment