Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
storage console vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-1761
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versi...
Redhat Openshift
5
CVSSv2
CVE-2021-38929
IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote malicious user to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330.
Ibm System Storage Ds8000 Management Console Firmware 88.50.0.0
Ibm System Storage Ds8000 Management Console Firmware 89.10.0.0
Ibm System Storage Ds8000 Management Console Firmware 89.20.0.0
5
CVSSv2
CVE-2021-38930
IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote malicious user to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331.
Ibm System Storage Ds8000 Management Console Firmware 88.50.0.0
Ibm System Storage Ds8000 Management Console Firmware 89.10.0.0
Ibm System Storage Ds8000 Management Console Firmware 89.20.0.0
2.1
CVSSv2
CVE-2018-11634
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS prior to 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.
Dialogic Powermedia Xms
Dialogic Powermedia Xms 3.5
4.3
CVSSv2
CVE-2018-11639
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS prior to 3.5 SU2 allows remote malicious users to access a user's password in cleartext.
Dialogic Powermedia Xms
Dialogic Powermedia Xms 3.5
NA
CVE-2022-43442
Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and previous versions, which may allow an malicious user to obtain the login password of +F FS040U and log in to the management console.
Fsi Fs040u Firmware
4.3
CVSSv2
CVE-2013-4676
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 prior to 2010 R3 SP3 and 2012 before SP2 allow remote malicious users to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creatio...
Symantec Backup Exec 2010 R3
Symantec Backup Exec 2012
3.5
CVSSv2
CVE-2020-15221
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
NA
CVE-2023-47148
IBM Storage Protect Plus Server 10.1.0 up to and including 10.1.15.2 Admin Console could allow a remote malicious user to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 2705...
Ibm Spectrum Protect Plus
7.5
CVSSv2
CVE-2021-2317
Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is before 1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »