Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tomcat vulnerabilities and exploits
(subscribe to this query)
891
VMScore
CVE-2021-32588
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated malicious user to execute unauthorized commands as root by uploading and deploying ma...
Fortinet Fortiportal
890
VMScore
CVE-2013-1221
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software prior to 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote malicious users to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub3...
Cisco Unified Customer Voice Portal 4.0\\(2\\)
Cisco Unified Customer Voice Portal 3.0
Cisco Unified Customer Voice Portal 8.0\\(1\\)
Cisco Unified Customer Voice Portal 3.6\\(10\\)
Cisco Unified Customer Voice Portal 8.5\\(1\\)
Cisco Unified Customer Voice Portal 4.0
Cisco Unified Customer Voice Portal 4.1
Cisco Unified Customer Voice Portal 7.0
Cisco Unified Customer Voice Portal 9.0
Cisco Unified Customer Voice Portal 7.0\\(2\\)
Cisco Unified Customer Voice Portal
890
VMScore
CVE-2010-0570
Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote malicious users to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378.
Cisco Digital Media Manager 5.0.1
Cisco Digital Media Manager 5.0.2
Cisco Digital Media Manager 5.0
Cisco Digital Media Manager 5.0.3
Cisco Digital Media Manager 5.1
835
VMScore
CVE-2019-1619
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote malicious user to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability i...
Cisco Data Center Network Manager 10.4\\(2\\)
1 EDB exploit
2 Metasploit modules
828
VMScore
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, accordin...
Uyuni-project Uyuni 2021.08
Spacewalk Project Spacewalk 2.10
801
VMScore
CVE-2021-39180
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions before 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomc...
Frentix Openolat
801
VMScore
CVE-2020-5805
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
Marvell Qconvergeconslole Gui
801
VMScore
CVE-2020-17388
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw e...
Marvell Qconvergeconsole
801
VMScore
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM prior to 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
Dimo-crm Yellowbox Crm
801
VMScore
CVE-2017-6712
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote malicious user to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run ce...
Cisco Elastic Services Controller 2.3.0
Cisco Elastic Services Controller 2.0
Cisco Elastic Services Controller 1.0.0
Cisco Elastic Services Controller 2.1.0
Cisco Elastic Services Controller 1.1.0
Cisco Elastic Services Controller 2.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »