» 2022 » 4월

CVE-2021-39072

Posted on 2022년 4월 20일2022년 4월 20일 by admin

CVE-2021-39072

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 215581.

Source: CVE-2021-39072

CVE-2021-39033

Posted on 2022년 4월 20일2022년 4월 20일 by admin

CVE-2021-39033

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963.

Source: CVE-2021-39033

CVE-2022-29153

Posted on 2022년 4월 20일2022년 4월 20일 by admin

CVE-2022-29153

HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.

Source: CVE-2022-29153

CVE-2021-44519

Posted on 2022년 4월 20일2022년 4월 20일 by admin

CVE-2021-44519

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.

Source: CVE-2021-44519

CVE-2022-29315

Posted on 2022년 4월 20일2022년 4월 20일 by admin

CVE-2022-29315

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used.

Source: CVE-2022-29315

CVE-2022-26593

Posted on 2022년 4월 19일2022년 4월 19일 by admin

CVE-2022-26593

Cross-site scripting (XSS) vulnerability in the Asset module’s asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.

Source: CVE-2022-26593

CVE-2022-27927

Posted on 2022년 4월 19일2022년 4월 19일 by admin

CVE-2022-27927

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.

Source: CVE-2022-27927

CVE-2022-26595

Posted on 2022년 4월 19일2022년 4월 19일 by admin

CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user’s site membership assignment UI.

Source: CVE-2022-26595

CVE-2021-43129

Posted on 2022년 4월 19일2022년 4월 19일 by admin

CVE-2021-43129

An Access Control vulnerability exists in Desire2Learn/D2L Learning Management System (LMS) 20.21.7 via the quizzing feature, which allows a remote malicious user to disable the Disable right click control.

Source: CVE-2021-43129

CVE-2021-41570

Posted on 2022년 4월 19일2022년 4월 19일 by admin

CVE-2021-41570

Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.

Source: CVE-2021-41570