Title: Hewlett-Packard Universal CMDB Default Credentials Remote Code Execution Vulnerability
Published Date: Jul 02, 2014
Risk Index: 9.05 of 10 (Critical)
Summary: A critical vulnerability has been identified in the XML parser component of Hewlett-Packard (HP) Universal Configuration Management Database (CMDB) versions 10.01 and 10.10. This vulnerability, referenced as CVE-2014-2617, allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, which have been abstractly discussed but are highly severe. The track name associated with this vulnerability is ZDI-CAN-2104.
If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system. The potential consequences include installation of malware, unauthorized system modifications, decryption and exfiltration of confidential information, and more, thereby compromising the integrity, confidentiality, and availability of the affected enterprise systems.
Title: Improper Authentication in Apache Shiro
Published Date: Mar 25, 2020
Risk Index: 8.54 of 10 (High)
Summary: A critical vulnerability has been identified in the authentication component of Apache Shiro when used with Spring dynamic controllers. A specially crafted request may cause an authentication bypass.
If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system. This leads to significant security risks, such as data breaches, unauthorized data manipulation, and potentially the execution of malicious scripts.
Title: Critical severity vulnerability that affects org.apache.solr:solr-core
Published Date: Mar 07, 2019
Risk Index: 9.16 of 10 (Critical)
Summary: A critical vulnerability has been identified in the Config API of Apache Solr. This vulnerability, cataloged as CVE-2019-0192, allows configuring the JMX server via an HTTP POST request. An attacker can exploit this configuration to point the server to a malicious RMI server, facilitating unsafe deserialization that could lead to remote code execution on the Solr server.
If exploited, this vulnerability could allow an attacker to gain unauthorized access to execute arbitrary code on the affected Solr server. Successful exploitation could lead to a full compromise of the server, including unauthorized access to sensitive data, alteration or deletion of data, and potential lateral movement within the network to compromise other systems. The gravity of this vulnerability is reflected in its high CVSS scores of 9.8 (CVSSv3) and 7.5 (CVSSv2), indicating its significant potential impact on security.