CVE-2010-4099

Exploit

EPSS 2.54%
Veröffentlicht 27.10.2010 19:00:11
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nitrosecurity ≫ Nitroview Esm Software Version8.4.0a

   Nitrosecurity ≫ Nitroview Esm Versionns-esm-5205-r
   Nitrosecurity ≫ Nitroview Esm Versionns-esm-5510-r
   Nitrosecurity ≫ Nitroview Esm Versionns-esm-5750-r
   Nitrosecurity ≫ Nitroview Esm Versionns-esm-x5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.54%	0.851

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.exploit-db.com/exploits/15318

Exploit

http://www.securityfocus.com/bid/44421

Exploit

http://www.securitytracker.com/id?1024639

https://exchange.xforce.ibmcloud.com/vulnerabilities/62768

https://nvd.nist.gov/vuln/detail/CVE-2010-4099

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-4099

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-4099

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2010-4099