Nozominetworks

Cmc

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-40887

  • EPSS 0.02%
  • Veröffentlicht 07.10.2025 12:37:10
  • Zuletzt bearbeitet 09.10.2025 16:38:07

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web applicatio...

8.8

CVE-2025-40886

  • EPSS 0.02%
  • Veröffentlicht 07.10.2025 12:36:34
  • Zuletzt bearbeitet 09.10.2025 16:38:21

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, pote...

6.5

CVE-2025-40885

  • EPSS 0.02%
  • Veröffentlicht 07.10.2025 12:35:57
  • Zuletzt bearbeitet 09.10.2025 16:38:33

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web ap...

8.1

CVE-2025-3719

  • EPSS 0.05%
  • Veröffentlicht 07.10.2025 12:34:46
  • Zuletzt bearbeitet 09.10.2025 16:38:45

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI com...

5.4

CVE-2025-3718

  • EPSS 0.03%
  • Veröffentlicht 07.10.2025 12:33:18
  • Zuletzt bearbeitet 09.10.2025 16:39:02

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authe...

5.3

CVE-2025-1501

  • EPSS 0.03%
  • Veröffentlicht 26.08.2025 10:25:47
  • Zuletzt bearbeitet 26.08.2025 13:41:58

An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with...

7.3

CVE-2024-13090

  • EPSS 0.02%
  • Veröffentlicht 10.06.2025 10:31:02
  • Zuletzt bearbeitet 12.06.2025 16:06:39

A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could e...

7.5

CVE-2024-13089

  • EPSS 0.22%
  • Veröffentlicht 10.06.2025 10:29:40
  • Zuletzt bearbeitet 12.06.2025 16:06:39

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions o...

5

CVE-2024-4465

  • EPSS 0.18%
  • Veröffentlicht 11.09.2024 15:15:18
  • Zuletzt bearbeitet 20.09.2024 13:15:19

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific...

7.5

CVE-2023-6916

  • EPSS 0.15%
  • Veröffentlicht 10.04.2024 16:15:09
  • Zuletzt bearbeitet 21.11.2024 08:44:49

Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation.