Vulnerabilites related to nec - expresscluster_x
Vulnerability from fkie_nvd
Published
2021-11-03 00:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | clusterpro_x | * | |
| nec | clusterpro_x_singleserversafe | * | |
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada inadecuada en el WebManager CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la carga remota de archivos a trav\u00e9s de la red"
}
],
"id": "CVE-2021-20705",
"lastModified": "2024-11-21T05:47:02.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-03T00:15:07.887",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-17 06:15
Modified
2024-11-21 08:15
Severity ?
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt-info@cyber.jp.nec.com | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4196C1DA-134A-429A-B77A-29A375156F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C1E9CB3B-0AAE-48B0-9350-248F7B6769D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D72DB989-B5F6-4267-AE17-E9E70261774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "EF4FDA8B-88DB-4A28-8413-AD2B469E615B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FEDDB964-D450-458E-9914-FBBF461FC6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "8FD0DC93-3F47-4E7C-AD19-38B55DE9BB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "63FAB8BF-ED97-43A3-BC88-E2465677C064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "89B0DF78-5F14-4406-8DAF-B4C14EB7FC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FD41A216-F37C-42A6-87B8-12640BB8CC90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "346E494D-B0AC-4578-BAC6-DF8077974097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "52799F1A-861D-4E6A-AB1D-5B9F7E38CFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "CD42A8C9-2B27-4B4D-B6EF-F8C91B716CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "3C6E0832-DFF8-45F2-A20D-EB74C759C7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "53BEC071-946B-452C-9DC1-61513FA5EADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D4493432-54AD-40C8-853A-B3ADB168D3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5ADB524-7CFB-4DFF-97DE-3137FC982437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "ED150C7A-F9AA-41CF-B687-4CE90CCD7A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "C8B34136-A724-4302-B1B9-D195495C5C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "8A8E1B05-6B9C-4D4D-8707-D06D8E0ED1FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "70061059-7EFF-4B5C-A546-229A2096C0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "0B546585-8628-425E-BEFA-7F81FBC34C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "9432544E-865A-4FCB-A72F-69A07F33D1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "E9D1096B-7464-49DF-8327-F8EAB447D8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "247EC97F-02F6-4EF3-A450-602BA5FEF257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "321507E4-C76E-412D-9159-2E319598F0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "66930816-7173-4B3D-B4A9-B099DB110F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "2313FFD6-2855-4849-BC76-0170D6E4D8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "9CD518C2-DD9F-40EF-99C8-4905B8564389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "3946F267-C524-484D-850C-44177202C7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "79CF00C5-92BB-42E5-885A-AA943DF19CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "649C43BE-3426-4A9A-B65C-C9261572B8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "34979699-81D9-4661-9204-2B6B1F0B7A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "40A5B9FC-794F-4392-9106-13683AC67EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "45D0D3BF-A1DE-4E1F-B95B-B5081CBEC491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "7B9693BE-053C-41F9-B0A4-5F9BD6944A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "FECCA0DF-CCF4-4845-9063-9630D087D61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "3649B536-0648-4B9D-8029-F2FE7659A1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "9C68C9F7-8B97-4D76-A30F-8C60AB4B48DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "87B4C681-A581-495D-92E3-FB19EF278899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "A7D73BD4-8638-422B-962D-C42D87C327AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "F0020D96-F25C-464B-8EFB-CFCD176FBB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "03542908-3C27-4BEE-BD5C-FA55C8D27EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "28E21904-A4BB-4A0E-8B55-E95F254BED0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5998B9A-8D0B-4B0F-B327-683BF221D03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "20ABA36B-642E-4C8B-A57E-FC4CC19036C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "700EC5DC-D970-4BE5-8C39-944EEB81A5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "4C9E8E02-2A57-4A8D-BDEF-6F9621EB1115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "CDBBF0BE-4FD5-41A8-A7FA-122293248350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4EE8CF0F-658D-4ED4-825D-26FC9EA71439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0F366B5-3A07-435F-BE9E-79688D3BBF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "1B21ABC2-9955-4A11-96F9-1B491F43466F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E2837245-A053-4BCB-A741-2968F1A949F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"id": "CVE-2023-39544",
"lastModified": "2024-11-21T08:15:38.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T06:15:33.810",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-10 17:15
Modified
2024-11-21 05:08
Severity ?
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.support.nec.co.jp/en/View.aspx?id=9510100319 | Patch, Vendor Advisory | |
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-20-1102/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.support.nec.co.jp/en/View.aspx?id=9510100319 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-1102/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | expresscluster_x | 4.1 | |
| nec | expresscluster_x | 4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "C8B34136-A724-4302-B1B9-D195495C5C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "70061059-7EFF-4B5C-A546-229A2096C0BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre instalaciones afectadas de NEC ExpressCluster versi\u00f3n 4.1. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta dentro del ejecutable clpwebmc. Debido a la restricci\u00f3n inadecuada de las referencias XML External Entity (XXE), un documento especialmente dise\u00f1ado que especifica un URI hace que el analizador XML acceda al URI e inserte el contenido en el documento XML para su posterior procesamiento. Un atacante puede aprovechar esta vulnerabilidad para revelar informaci\u00f3n en el contexto de SYSTEM. Fue ZDI-CAN-10801"
}
],
"id": "CVE-2020-17408",
"lastModified": "2024-11-21T05:08:02.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-10T17:15:29.687",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.support.nec.co.jp/en/View.aspx?id=9510100319"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1102/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.support.nec.co.jp/en/View.aspx?id=9510100319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1102/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-03 00:15
Modified
2024-11-21 05:47
Severity ?
Summary
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | clusterpro_x | * | |
| nec | clusterpro_x_singleserversafe | * | |
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento del b\u00fafer en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de una red"
}
],
"id": "CVE-2021-20702",
"lastModified": "2024-11-21T05:47:02.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-03T00:15:07.753",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-03 00:15
Modified
2024-11-21 05:47
Severity ?
Summary
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | clusterpro_x | * | |
| nec | clusterpro_x_singleserversafe | * | |
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento del b\u00fafer en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de una red"
}
],
"id": "CVE-2021-20703",
"lastModified": "2024-11-21T05:47:02.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-03T00:15:07.797",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-17 06:15
Modified
2024-11-21 08:15
Severity ?
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt-info@cyber.jp.nec.com | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4196C1DA-134A-429A-B77A-29A375156F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C1E9CB3B-0AAE-48B0-9350-248F7B6769D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D72DB989-B5F6-4267-AE17-E9E70261774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "EF4FDA8B-88DB-4A28-8413-AD2B469E615B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FEDDB964-D450-458E-9914-FBBF461FC6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "8FD0DC93-3F47-4E7C-AD19-38B55DE9BB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "63FAB8BF-ED97-43A3-BC88-E2465677C064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "89B0DF78-5F14-4406-8DAF-B4C14EB7FC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FD41A216-F37C-42A6-87B8-12640BB8CC90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "346E494D-B0AC-4578-BAC6-DF8077974097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "52799F1A-861D-4E6A-AB1D-5B9F7E38CFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "CD42A8C9-2B27-4B4D-B6EF-F8C91B716CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "3C6E0832-DFF8-45F2-A20D-EB74C759C7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "53BEC071-946B-452C-9DC1-61513FA5EADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D4493432-54AD-40C8-853A-B3ADB168D3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5ADB524-7CFB-4DFF-97DE-3137FC982437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "ED150C7A-F9AA-41CF-B687-4CE90CCD7A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "C8B34136-A724-4302-B1B9-D195495C5C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "8A8E1B05-6B9C-4D4D-8707-D06D8E0ED1FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "70061059-7EFF-4B5C-A546-229A2096C0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "0B546585-8628-425E-BEFA-7F81FBC34C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "9432544E-865A-4FCB-A72F-69A07F33D1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "E9D1096B-7464-49DF-8327-F8EAB447D8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "247EC97F-02F6-4EF3-A450-602BA5FEF257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "321507E4-C76E-412D-9159-2E319598F0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "66930816-7173-4B3D-B4A9-B099DB110F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "2313FFD6-2855-4849-BC76-0170D6E4D8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "9CD518C2-DD9F-40EF-99C8-4905B8564389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "3946F267-C524-484D-850C-44177202C7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "79CF00C5-92BB-42E5-885A-AA943DF19CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "649C43BE-3426-4A9A-B65C-C9261572B8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "34979699-81D9-4661-9204-2B6B1F0B7A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "40A5B9FC-794F-4392-9106-13683AC67EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "45D0D3BF-A1DE-4E1F-B95B-B5081CBEC491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "7B9693BE-053C-41F9-B0A4-5F9BD6944A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "FECCA0DF-CCF4-4845-9063-9630D087D61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "3649B536-0648-4B9D-8029-F2FE7659A1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "9C68C9F7-8B97-4D76-A30F-8C60AB4B48DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "87B4C681-A581-495D-92E3-FB19EF278899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "A7D73BD4-8638-422B-962D-C42D87C327AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "F0020D96-F25C-464B-8EFB-CFCD176FBB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "03542908-3C27-4BEE-BD5C-FA55C8D27EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "28E21904-A4BB-4A0E-8B55-E95F254BED0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5998B9A-8D0B-4B0F-B327-683BF221D03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "20ABA36B-642E-4C8B-A57E-FC4CC19036C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "700EC5DC-D970-4BE5-8C39-944EEB81A5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "4C9E8E02-2A57-4A8D-BDEF-6F9621EB1115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "CDBBF0BE-4FD5-41A8-A7FA-122293248350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4EE8CF0F-658D-4ED4-825D-26FC9EA71439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0F366B5-3A07-435F-BE9E-79688D3BBF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "1B21ABC2-9955-4A11-96F9-1B491F43466F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E2837245-A053-4BCB-A741-2968F1A949F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"id": "CVE-2023-39548",
"lastModified": "2024-11-21T08:15:39.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T06:15:34.077",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-30 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | expresscluster_x | 3.3 | |
| nec | expresscluster_x | 3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "022F1A0D-E011-497E-8A2D-F00AC63CA59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "53BEC071-946B-452C-9DC1-61513FA5EADE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en WebManager en NEC EXPRESSCLUSTER X hasta la versi\u00f3n 3.3 11.31 en Windows y hasta la versi\u00f3n 3.3 3.3.1-1 en Linux y Solaris permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1145",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-30T15:59:08.780",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jpn.nec.com/security-info/secinfo/nv16-001.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN03050861/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jpn.nec.com/security-info/secinfo/nv16-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN03050861/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000015"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-08 22:15
Modified
2025-05-02 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "24FBE714-4A8F-420F-9D08-D927B8C3E4C5",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "591AE130-A2FE-413E-B92E-2468A6E65A6B",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."
},
{
"lang": "es",
"value": "Vulnerabilidad de path traversal en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y versiones anteriores, CLUSTERPRO X 5.0 SingleServerSafe para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 SingleServerSafe para Windows y versiones anteriores permite que un atacante remoto no autenticado sobrescriba archivos existentes en el sistema de archivos y potencialmente ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-34822",
"lastModified": "2025-05-02T19:15:50.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-08T22:15:13.853",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-08 22:15
Modified
2025-05-01 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "24FBE714-4A8F-420F-9D08-D927B8C3E4C5",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "591AE130-A2FE-413E-B92E-2468A6E65A6B",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."
},
{
"lang": "es",
"value": "Vulnerabilidad de permisos d\u00e9biles de archivos y carpetas en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y versiones anteriores, CLUSTERPRO X 5.0 SingleServerSafe para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 SingleServerSafe para Windows y versiones anteriores permite que un atacante remoto no autenticado sobrescriba archivos existentes en el sistema de archivos y potencialmente ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-34824",
"lastModified": "2025-05-01T19:15:52.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-08T22:15:14.353",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-08 22:15
Modified
2025-05-02 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "24FBE714-4A8F-420F-9D08-D927B8C3E4C5",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "591AE130-A2FE-413E-B92E-2468A6E65A6B",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y versiones anteriores, CLUSTERPRO X 5.0 SingleServerSafe para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 SingleServerSafe para Windows y versiones anteriores permiten que un atacante remoto no autenticado sobrescriba archivos existentes en el sistema de archivos y potencialmente ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-34823",
"lastModified": "2025-05-02T18:15:24.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-08T22:15:13.993",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-03 00:15
Modified
2024-11-21 05:47
Severity ?
Summary
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | clusterpro_x | * | |
| nec | clusterpro_x_singleserversafe | * | |
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento del b\u00fafer en el Agente de Disco CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de una red"
}
],
"id": "CVE-2021-20701",
"lastModified": "2024-11-21T05:47:02.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-03T00:15:07.710",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-03 00:15
Modified
2024-11-21 05:47
Severity ?
Summary
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | clusterpro_x | * | |
| nec | clusterpro_x_singleserversafe | * | |
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento de b\u00fafer en el Agente de Disco CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de una red"
}
],
"id": "CVE-2021-20700",
"lastModified": "2024-11-21T05:47:02.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-03T00:15:07.667",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-03 00:15
Modified
2024-11-21 05:47
Severity ?
Summary
Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | clusterpro_x | * | |
| nec | clusterpro_x_singleserversafe | * | |
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento del b\u00fafer en la API compatible con las versiones anteriores CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de una red"
}
],
"id": "CVE-2021-20704",
"lastModified": "2024-11-21T05:47:02.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-03T00:15:07.840",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-03 00:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | clusterpro_x | * | |
| nec | clusterpro_x_singleserversafe | * | |
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada inadecuada en el WebManager CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la carga remota de archivos a trav\u00e9s de la red"
}
],
"id": "CVE-2021-20706",
"lastModified": "2024-11-21T05:47:02.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-03T00:15:07.930",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-17 06:15
Modified
2024-11-21 08:15
Severity ?
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt-info@cyber.jp.nec.com | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4196C1DA-134A-429A-B77A-29A375156F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C1E9CB3B-0AAE-48B0-9350-248F7B6769D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D72DB989-B5F6-4267-AE17-E9E70261774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "EF4FDA8B-88DB-4A28-8413-AD2B469E615B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FEDDB964-D450-458E-9914-FBBF461FC6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "8FD0DC93-3F47-4E7C-AD19-38B55DE9BB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "63FAB8BF-ED97-43A3-BC88-E2465677C064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "89B0DF78-5F14-4406-8DAF-B4C14EB7FC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FD41A216-F37C-42A6-87B8-12640BB8CC90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "346E494D-B0AC-4578-BAC6-DF8077974097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "52799F1A-861D-4E6A-AB1D-5B9F7E38CFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "CD42A8C9-2B27-4B4D-B6EF-F8C91B716CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "3C6E0832-DFF8-45F2-A20D-EB74C759C7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "53BEC071-946B-452C-9DC1-61513FA5EADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D4493432-54AD-40C8-853A-B3ADB168D3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5ADB524-7CFB-4DFF-97DE-3137FC982437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "ED150C7A-F9AA-41CF-B687-4CE90CCD7A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "C8B34136-A724-4302-B1B9-D195495C5C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "8A8E1B05-6B9C-4D4D-8707-D06D8E0ED1FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "70061059-7EFF-4B5C-A546-229A2096C0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "0B546585-8628-425E-BEFA-7F81FBC34C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "9432544E-865A-4FCB-A72F-69A07F33D1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "E9D1096B-7464-49DF-8327-F8EAB447D8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "247EC97F-02F6-4EF3-A450-602BA5FEF257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "2313FFD6-2855-4849-BC76-0170D6E4D8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "9CD518C2-DD9F-40EF-99C8-4905B8564389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "3946F267-C524-484D-850C-44177202C7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "79CF00C5-92BB-42E5-885A-AA943DF19CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "649C43BE-3426-4A9A-B65C-C9261572B8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "34979699-81D9-4661-9204-2B6B1F0B7A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "40A5B9FC-794F-4392-9106-13683AC67EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "45D0D3BF-A1DE-4E1F-B95B-B5081CBEC491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "7B9693BE-053C-41F9-B0A4-5F9BD6944A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "FECCA0DF-CCF4-4845-9063-9630D087D61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "3649B536-0648-4B9D-8029-F2FE7659A1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "9C68C9F7-8B97-4D76-A30F-8C60AB4B48DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "87B4C681-A581-495D-92E3-FB19EF278899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "A7D73BD4-8638-422B-962D-C42D87C327AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "F0020D96-F25C-464B-8EFB-CFCD176FBB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "03542908-3C27-4BEE-BD5C-FA55C8D27EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "28E21904-A4BB-4A0E-8B55-E95F254BED0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5998B9A-8D0B-4B0F-B327-683BF221D03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "20ABA36B-642E-4C8B-A57E-FC4CC19036C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "700EC5DC-D970-4BE5-8C39-944EEB81A5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "4C9E8E02-2A57-4A8D-BDEF-6F9621EB1115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "CDBBF0BE-4FD5-41A8-A7FA-122293248350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4EE8CF0F-658D-4ED4-825D-26FC9EA71439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0F366B5-3A07-435F-BE9E-79688D3BBF79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"id": "CVE-2023-39547",
"lastModified": "2024-11-21T08:15:39.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T06:15:34.017",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-17 06:15
Modified
2024-11-21 08:15
Severity ?
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt-info@cyber.jp.nec.com | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4196C1DA-134A-429A-B77A-29A375156F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C1E9CB3B-0AAE-48B0-9350-248F7B6769D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D72DB989-B5F6-4267-AE17-E9E70261774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "EF4FDA8B-88DB-4A28-8413-AD2B469E615B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FEDDB964-D450-458E-9914-FBBF461FC6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "8FD0DC93-3F47-4E7C-AD19-38B55DE9BB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "63FAB8BF-ED97-43A3-BC88-E2465677C064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "89B0DF78-5F14-4406-8DAF-B4C14EB7FC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FD41A216-F37C-42A6-87B8-12640BB8CC90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "346E494D-B0AC-4578-BAC6-DF8077974097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "52799F1A-861D-4E6A-AB1D-5B9F7E38CFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "CD42A8C9-2B27-4B4D-B6EF-F8C91B716CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "3C6E0832-DFF8-45F2-A20D-EB74C759C7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "53BEC071-946B-452C-9DC1-61513FA5EADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D4493432-54AD-40C8-853A-B3ADB168D3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5ADB524-7CFB-4DFF-97DE-3137FC982437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "ED150C7A-F9AA-41CF-B687-4CE90CCD7A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "C8B34136-A724-4302-B1B9-D195495C5C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "8A8E1B05-6B9C-4D4D-8707-D06D8E0ED1FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "70061059-7EFF-4B5C-A546-229A2096C0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "0B546585-8628-425E-BEFA-7F81FBC34C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "9432544E-865A-4FCB-A72F-69A07F33D1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "E9D1096B-7464-49DF-8327-F8EAB447D8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "247EC97F-02F6-4EF3-A450-602BA5FEF257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "321507E4-C76E-412D-9159-2E319598F0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "66930816-7173-4B3D-B4A9-B099DB110F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "2313FFD6-2855-4849-BC76-0170D6E4D8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "9CD518C2-DD9F-40EF-99C8-4905B8564389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "3946F267-C524-484D-850C-44177202C7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "79CF00C5-92BB-42E5-885A-AA943DF19CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "649C43BE-3426-4A9A-B65C-C9261572B8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "34979699-81D9-4661-9204-2B6B1F0B7A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "40A5B9FC-794F-4392-9106-13683AC67EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "45D0D3BF-A1DE-4E1F-B95B-B5081CBEC491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "7B9693BE-053C-41F9-B0A4-5F9BD6944A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "FECCA0DF-CCF4-4845-9063-9630D087D61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "3649B536-0648-4B9D-8029-F2FE7659A1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "9C68C9F7-8B97-4D76-A30F-8C60AB4B48DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "87B4C681-A581-495D-92E3-FB19EF278899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "A7D73BD4-8638-422B-962D-C42D87C327AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "F0020D96-F25C-464B-8EFB-CFCD176FBB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "03542908-3C27-4BEE-BD5C-FA55C8D27EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "28E21904-A4BB-4A0E-8B55-E95F254BED0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5998B9A-8D0B-4B0F-B327-683BF221D03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "20ABA36B-642E-4C8B-A57E-FC4CC19036C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "700EC5DC-D970-4BE5-8C39-944EEB81A5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "4C9E8E02-2A57-4A8D-BDEF-6F9621EB1115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "CDBBF0BE-4FD5-41A8-A7FA-122293248350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4EE8CF0F-658D-4ED4-825D-26FC9EA71439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0F366B5-3A07-435F-BE9E-79688D3BBF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "1B21ABC2-9955-4A11-96F9-1B491F43466F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E2837245-A053-4BCB-A741-2968F1A949F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"id": "CVE-2023-39545",
"lastModified": "2024-11-21T08:15:38.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T06:15:33.880",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-17 06:15
Modified
2024-11-21 08:15
Severity ?
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt-info@cyber.jp.nec.com | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4196C1DA-134A-429A-B77A-29A375156F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C1E9CB3B-0AAE-48B0-9350-248F7B6769D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D72DB989-B5F6-4267-AE17-E9E70261774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "EF4FDA8B-88DB-4A28-8413-AD2B469E615B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FEDDB964-D450-458E-9914-FBBF461FC6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "8FD0DC93-3F47-4E7C-AD19-38B55DE9BB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "63FAB8BF-ED97-43A3-BC88-E2465677C064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "89B0DF78-5F14-4406-8DAF-B4C14EB7FC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "FD41A216-F37C-42A6-87B8-12640BB8CC90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "346E494D-B0AC-4578-BAC6-DF8077974097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "52799F1A-861D-4E6A-AB1D-5B9F7E38CFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "CD42A8C9-2B27-4B4D-B6EF-F8C91B716CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "3C6E0832-DFF8-45F2-A20D-EB74C759C7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "53BEC071-946B-452C-9DC1-61513FA5EADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "D4493432-54AD-40C8-853A-B3ADB168D3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5ADB524-7CFB-4DFF-97DE-3137FC982437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "ED150C7A-F9AA-41CF-B687-4CE90CCD7A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "C8B34136-A724-4302-B1B9-D195495C5C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "8A8E1B05-6B9C-4D4D-8707-D06D8E0ED1FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "70061059-7EFF-4B5C-A546-229A2096C0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "0B546585-8628-425E-BEFA-7F81FBC34C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "9432544E-865A-4FCB-A72F-69A07F33D1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "E9D1096B-7464-49DF-8327-F8EAB447D8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "247EC97F-02F6-4EF3-A450-602BA5FEF257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "321507E4-C76E-412D-9159-2E319598F0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "66930816-7173-4B3D-B4A9-B099DB110F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "2313FFD6-2855-4849-BC76-0170D6E4D8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "9CD518C2-DD9F-40EF-99C8-4905B8564389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "3946F267-C524-484D-850C-44177202C7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "79CF00C5-92BB-42E5-885A-AA943DF19CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "649C43BE-3426-4A9A-B65C-C9261572B8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "34979699-81D9-4661-9204-2B6B1F0B7A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "40A5B9FC-794F-4392-9106-13683AC67EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "45D0D3BF-A1DE-4E1F-B95B-B5081CBEC491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "7B9693BE-053C-41F9-B0A4-5F9BD6944A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "FECCA0DF-CCF4-4845-9063-9630D087D61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "3649B536-0648-4B9D-8029-F2FE7659A1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "9C68C9F7-8B97-4D76-A30F-8C60AB4B48DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "87B4C681-A581-495D-92E3-FB19EF278899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "A7D73BD4-8638-422B-962D-C42D87C327AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "F0020D96-F25C-464B-8EFB-CFCD176FBB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "03542908-3C27-4BEE-BD5C-FA55C8D27EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "28E21904-A4BB-4A0E-8B55-E95F254BED0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "F5998B9A-8D0B-4B0F-B327-683BF221D03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "20ABA36B-642E-4C8B-A57E-FC4CC19036C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "700EC5DC-D970-4BE5-8C39-944EEB81A5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:linux:*:*",
"matchCriteriaId": "4C9E8E02-2A57-4A8D-BDEF-6F9621EB1115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "CDBBF0BE-4FD5-41A8-A7FA-122293248350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "4EE8CF0F-658D-4ED4-825D-26FC9EA71439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0F366B5-3A07-435F-BE9E-79688D3BBF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "1B21ABC2-9955-4A11-96F9-1B491F43466F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E2837245-A053-4BCB-A741-2968F1A949F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
},
{
"lang": "es",
"value": "CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesi\u00f3n en el producto y pueda ejecutar un comando arbitrario."
}
],
"id": "CVE-2023-39546",
"lastModified": "2024-11-21T08:15:38.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T06:15:33.947",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-836"
}
],
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-08 22:15
Modified
2025-05-01 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "24FBE714-4A8F-420F-9D08-D927B8C3E4C5",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "591AE130-A2FE-413E-B92E-2468A6E65A6B",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."
},
{
"lang": "es",
"value": "Elemento de Ruta de B\u00fasqueda No Controlada en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y versiones anteriores, CLUSTERPRO X 5.0 SingleServerSafe para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 SingleServerSafe para Windows y versiones anteriores permiten que un atacante remoto no autenticado sobrescriba archivos existentes en el archivo sistema y potencialmente ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-34825",
"lastModified": "2025-05-01T19:15:52.433",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-08T22:15:14.483",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-03 00:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network..
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nec | clusterpro_x | * | |
| nec | clusterpro_x_singleserversafe | * | |
| nec | expresscluster_x | * | |
| nec | expresscluster_x_singleserversafe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nec:clusterpro_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "109DED36-3D51-4EDF-8187-63F3415BC2B7",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:clusterpro_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "AADFE051-D950-4027-B9C4-EB53B3881001",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBD9B299-1A5E-4329-BC51-606A0EF00822",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nec:expresscluster_x_singleserversafe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5717B4C8-9622-4A08-9E29-E6B66800CE99",
"versionEndIncluding": "4.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada inadecuada en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante leer archivos cargados a trav\u00e9s de la red"
}
],
"id": "CVE-2021-20707",
"lastModified": "2024-11-21T05:47:02.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-03T00:15:07.970",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-34823 (GCVE-0-2022-34823)
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2025-05-02 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer overflow
Summary
Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:12:55.243855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:13:39.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2022-34823",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2025-05-02T18:13:39.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1145 (GCVE-0-2016-1145)
Vulnerability from cvelistv5
Published
2016-01-30 15:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#03050861",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN03050861/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jpn.nec.com/security-info/secinfo/nv16-001.html"
},
{
"name": "JVNDB-2016-000015",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-30T14:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#03050861",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN03050861/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jpn.nec.com/security-info/secinfo/nv16-001.html"
},
{
"name": "JVNDB-2016-000015",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#03050861",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN03050861/index.html"
},
{
"name": "http://jpn.nec.com/security-info/secinfo/nv16-001.html",
"refsource": "CONFIRM",
"url": "http://jpn.nec.com/security-info/secinfo/nv16-001.html"
},
{
"name": "JVNDB-2016-000015",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1145",
"datePublished": "2016-01-30T15:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17408 (GCVE-0-2020-17408)
Vulnerability from cvelistv5
Published
2020-09-10 16:35
Modified
2024-08-04 13:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC | ExpressCluster |
Version: 4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:16.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1102/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.support.nec.co.jp/en/View.aspx?id=9510100319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ExpressCluster",
"vendor": "NEC",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "rgod"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T16:35:18",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1102/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.support.nec.co.jp/en/View.aspx?id=9510100319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-17408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ExpressCluster",
"version": {
"version_data": [
{
"version_value": "4.1"
}
]
}
}
]
},
"vendor_name": "NEC"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1102/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1102/"
},
{
"name": "https://www.support.nec.co.jp/en/View.aspx?id=9510100319",
"refsource": "MISC",
"url": "https://www.support.nec.co.jp/en/View.aspx?id=9510100319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-17408",
"datePublished": "2020-09-10T16:35:18",
"dateReserved": "2020-08-07T00:00:00",
"dateUpdated": "2024-08-04T13:53:16.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39545 (GCVE-0-2023-39545)
Vulnerability from cvelistv5
Published
2023-11-17 05:30
Modified
2024-08-29 14:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-552 - Files or directories accessible to external parties
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NEC Corporation | CLUSTERPRO X (EXPRESSCLUSTER X) |
Version: 1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:29:22.540390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:31:29.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
},
{
"product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. David Levard in Videotron."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\u003c/p\u003e"
}
],
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or directories accessible to external parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T11:49:21.575Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-39545",
"datePublished": "2023-11-17T05:30:10.859Z",
"dateReserved": "2023-08-04T07:22:19.322Z",
"dateUpdated": "2024-08-29T14:31:29.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20706 (GCVE-0-2021-20706)
Vulnerability from cvelistv5
Published
2021-11-02 23:30
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper input Validation
Summary
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:23",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2021-20706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLUSTERPRO X",
"version": {
"version_data": [
{
"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2021-20706",
"datePublished": "2021-11-02T23:30:15",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:21.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39546 (GCVE-0-2023-39546)
Vulnerability from cvelistv5
Published
2023-11-17 05:31
Modified
2024-08-29 14:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-836 - Use of password hash instead of password for authentication
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NEC Corporation | CLUSTERPRO X (EXPRESSCLUSTER X) |
Version: 1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:33:00.592206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:33:29.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
},
{
"product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. David Levard in Videotron."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\u003c/p\u003e"
}
],
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836 Use of password hash instead of password for authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T11:49:51.705Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-39546",
"datePublished": "2023-11-17T05:31:08.331Z",
"dateReserved": "2023-08-04T07:22:19.322Z",
"dateUpdated": "2024-08-29T14:33:29.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34825 (GCVE-0-2022-34825)
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2025-05-01 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Uncontrolled Search Path Element
Summary
Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T18:23:30.582246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T18:23:44.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2022-34825",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2025-05-01T18:23:44.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20703 (GCVE-0-2021-20703)
Vulnerability from cvelistv5
Published
2021-11-02 23:30
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer overflow
Summary
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:19",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2021-20703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLUSTERPRO X",
"version": {
"version_data": [
{
"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2021-20703",
"datePublished": "2021-11-02T23:30:28",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:21.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20705 (GCVE-0-2021-20705)
Vulnerability from cvelistv5
Published
2021-11-02 23:30
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper input Validation
Summary
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:26",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2021-20705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLUSTERPRO X",
"version": {
"version_data": [
{
"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2021-20705",
"datePublished": "2021-11-02T23:30:43",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:21.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20701 (GCVE-0-2021-20701)
Vulnerability from cvelistv5
Published
2021-11-02 23:30
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer overflow
Summary
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:25",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2021-20701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLUSTERPRO X",
"version": {
"version_data": [
{
"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2021-20701",
"datePublished": "2021-11-02T23:30:21",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39544 (GCVE-0-2023-39544)
Vulnerability from cvelistv5
Published
2023-11-17 05:28
Modified
2024-08-29 14:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing authorization
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NEC Corporation | CLUSTERPRO X(EXPRESSCLUSTER X) |
Version: 1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:32:23.652468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:33:42.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X(EXPRESSCLUSTER X)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
},
{
"product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. David Levard in Videotron."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\u003c/p\u003e"
}
],
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T11:48:56.515Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-39544",
"datePublished": "2023-11-17T05:28:26.493Z",
"dateReserved": "2023-08-04T07:22:19.321Z",
"dateUpdated": "2024-08-29T14:33:42.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39547 (GCVE-0-2023-39547)
Vulnerability from cvelistv5
Published
2023-11-17 05:31
Modified
2024-12-02 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-294 - Authentication bypass by Capture-replay
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NEC Corporation | CLUSTERPRO X (EXPRESSCLUSTER X) |
Version: 1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:25:13.395504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T18:52:58.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
},
{
"product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. David Levard in Videotron."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\u003c/p\u003e"
}
],
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T11:50:37.452Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-39547",
"datePublished": "2023-11-17T05:31:27.701Z",
"dateReserved": "2023-08-04T07:22:19.322Z",
"dateUpdated": "2024-12-02T18:52:58.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20704 (GCVE-0-2021-20704)
Vulnerability from cvelistv5
Published
2021-11-02 23:30
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer overflow
Summary
Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:22",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2021-20704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLUSTERPRO X",
"version": {
"version_data": [
{
"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2021-20704",
"datePublished": "2021-11-02T23:30:09",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:21.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20707 (GCVE-0-2021-20707)
Vulnerability from cvelistv5
Published
2021-11-02 23:30
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper input Validation
Summary
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network..
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:21",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2021-20707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLUSTERPRO X",
"version": {
"version_data": [
{
"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2021-20707",
"datePublished": "2021-11-02T23:30:35",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:21.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20700 (GCVE-0-2021-20700)
Vulnerability from cvelistv5
Published
2021-11-02 23:29
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer overflow
Summary
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:20",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2021-20700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLUSTERPRO X",
"version": {
"version_data": [
{
"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2021-20700",
"datePublished": "2021-11-02T23:29:46",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34824 (GCVE-0-2022-34824)
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2025-05-01 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Weak File and Folder Permissions
Summary
Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T18:24:01.790437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T18:24:19.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak File and Folder Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2022-34824",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2025-05-01T18:24:19.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39548 (GCVE-0-2023-39548)
Vulnerability from cvelistv5
Published
2023-11-17 05:31
Modified
2024-12-02 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted upload of file with dangerous type
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NEC Corporation | CLUSTERPRO X (EXPRESSCLUSTER X) |
Version: 1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:17:21.435014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T18:52:37.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
},
{
"product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. David Levard in Videotron."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\u003c/p\u003e"
}
],
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted upload of file with dangerous type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T11:51:09.351Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-39548",
"datePublished": "2023-11-17T05:31:40.336Z",
"dateReserved": "2023-08-04T07:22:19.322Z",
"dateUpdated": "2024-12-02T18:52:37.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20702 (GCVE-0-2021-20702)
Vulnerability from cvelistv5
Published
2021-11-02 23:30
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer overflow
Summary
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:24",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2021-20702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CLUSTERPRO X",
"version": {
"version_data": [
{
"version_value": "CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2021-20702",
"datePublished": "2021-11-02T23:30:03",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34822 (GCVE-0-2022-34822)
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2025-05-02 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path traversal
Summary
Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | CLUSTERPRO X |
Version: CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:14:43.350377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:15:28.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv22-014_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2022-34822",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2025-05-02T18:15:28.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}