» 2021 » 7월

CVE-2021-20379

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-20379

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.

Source: CVE-2021-20379

CVE-2021-20378

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-20378

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709.

Source: CVE-2021-20378

CVE-2021-20416

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-20416

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.

Source: CVE-2021-20416

CVE-2021-20415

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-20415

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.

Source: CVE-2021-20415

CVE-2021-20417

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-20417

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219

Source: CVE-2021-20417

CVE-2021-21786

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-21786

A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.

Source: CVE-2021-21786

CVE-2021-21788

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-21788

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction A local attacker can send a malicious IRP to trigger this vulnerability.

Source: CVE-2021-21788

CVE-2021-33218

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-33218

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.

Source: CVE-2021-33218

CVE-2021-33217

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-33217

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.

Source: CVE-2021-33217

CVE-2021-33220

Posted on 2021년 7월 8일2021년 7월 8일 by admin

CVE-2021-33220

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.

Source: CVE-2021-33220