Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
automation manager vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-25659
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as su...
Siemens Automation License Manager
NA
CVE-2011-4531
Siemens Automation License Manager (ALM) 4.0 up to and including 5.1+SP1+Upd1 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
Siemens Automation License Manager
1 EDB exploit
NA
CVE-2011-4532
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 up to and including 5.1+SP1+Upd2 allows remote malicious users to overwrite arbitrary files via the ...
Siemens Automation License Manager
1 EDB exploit
7.8
CVSSv3
CVE-2020-7583
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low per...
Siemens Automation License Manager
7.5
CVSSv3
CVE-2016-8563
Siemens Automation License Manager (ALM) prior to 5.3 SP3 Update 1 allows remote malicious users to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
Siemens Automation License Manager
6.5
CVSSv3
CVE-2016-8564
SQL injection vulnerability in Siemens Automation License Manager (ALM) prior to 5.3 SP3 Update 1 allows remote malicious users to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
Siemens Automation License Manager
8.2
CVSSv3
CVE-2022-2458
XML external entity injection(XXE) is a vulnerability that allows an malicious user to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The s...
Redhat Process Automation Manager
4.3
CVSSv3
CVE-2021-29751
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.6.0.0
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 19.0.0.0
Ibm Business Automation Workflow 20.0.0.0
5.4
CVSSv3
CVE-2020-4557
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 19.0.0.0
Ibm Business Automation Workflow 20.0.0.0
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.6.0.0
4.9
CVSSv3
CVE-2021-39046
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.
Ibm Business Automation Workflow 18.0.0.1
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 18.0.0.2
Ibm Business Automation Workflow 19.0.0.3
Ibm Business Automation Workflow 19.0.0.1
Ibm Business Automation Workflow 19.0.0.2
Ibm Business Automation Workflow 20.0.0.1
Ibm Business Automation Workflow 20.0.0.2
Ibm Business Automation Workflow 21.0.2
Ibm Business Process Manager 8.5
Ibm Business Process Manager 8.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »