HPE Integrated Lights-Out https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04143en_us
1] CVE-2021-29208 DOM XSS, CRLF injection
2] CVE-2021-29209 DOM XSS, CRLF injection
3] CVE-2021-29210 DOM XSS, CRLF injection
Oracle Business Intelligence Enterprise Edition - https://www.oracle.com/security-alerts/cpuapr2021.html
4] CVE-2021-2191 Stored Cross-Site Scripting + CSRF
Oracle Essbase Administration Services https://www.oracle.com/security-alerts/cpujul2021.html
5] CVE-2021-2349 SQL Injection
6] CVE-2021-2350 Arbitrary File Read
Dell EMC iDRAC9 https://www.dell.com/support/kbdoc/pl-pl/000189193/
7] CVE-2021-21576 DOM XSS
8] CVE-2021-21577 DOM XSS
9] CVE-2021-21578 Open Redirection
10] CVE-2021-21579 Open Redirection
SolarWinds Orion https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1
11] CVE-2021-35238 Stored XSS
12] CVE-2021-35239 Stored XSS
13] CVE-2021-35240 Stored XSS
IBM Tivoli Netcool/OMNIbus WebGUI https://www.ibm.com/support/pages/node/6471067
14] CVE-2021-29803 Stored XSS
15] CVE-2021-29804 Stored XSS
16] CVE-2021-29805 Stored XSS
17] CVE-2021-29822 Reflected XSS
IBM Tivoli Netcool/OMNIbus WebGUI https://www.ibm.com/support/pages/node/6490747
18] CVE-2021-29808 Stored XSS
19] CVE-2021-29809 Stored XSS
20] CVE-2021-29819 XSS
21] CVE-2021-29856 Denial of Service
22] CVE-2021-29820 XSS
23] CVE-2021-29811 Information disclosure
24] CVE-2021-29818 XSS
25] CVE-2021-29817 XSS
26] CVE-2021-29821 XSS
27] CVE-2021-29806 XSS
28] CVE-2021-29807 XSS
IBM WebSphere App Server https://www.ibm.com/support/pages/node/6489485
29] CVE-2021-29842 User enumeration
IBM Jazz for Service Management
30] CVE-2021-29831 XXE - https://www.ibm.com/support/pages/node/6490905
31] CVE-2021-29800 Stored XSS - https://www.ibm.com/support/pages/node/6491109
32] CVE-2021-29810 Stored XSS - https://www.ibm.com/support/pages/node/6491547
33] CVE-2021-29815 Stored XSS - https://www.ibm.com/support/pages/node/6491537
34] CVE-2021-29905 XSS - https://www.ibm.com/support/pages/node/6491523
35] CVE-2021-29904 Information disclosure - https://www.ibm.com/support/pages/node/6491525
36] CVE-2021-29814 Stored XSS - https://www.ibm.com/support/pages/node/6491539
37] CVE-2021-29832 Stored XSS - https://www.ibm.com/support/pages/node/6491529
38] CVE-2021-29812 Stored XSS - https://www.ibm.com/support/pages/node/6491545
39] CVE-2021-29813 Stored XSS - https://www.ibm.com/support/pages/node/6491543
40] CVE-2021-29816 CSRF - https://www.ibm.com/support/pages/node/6491535
41] CVE-2021-29833 Stored XSS - https://www.ibm.com/support/pages/node/6496579
IBM InfoSphere DataStage
42] CVE-2022-40747 XXE - https://www.ibm.com/support/pages/security-bulletin-ibm-infosphere-information-server-vulnerable-xml-external-entity-injection-cve-2022-40747
43] CVE-2022-40752 RCE - https://www.ibm.com/support/pages/node/6833566
SquaredUp SCOM 5.2.1.6654
https://support.squaredup.com/hc/en-us/sections/4408837889297-Security-Advisory
44] CVE-2021-40090 - A username enumeration issue was discovered in SquaredUp for SCOM 5.2.1.6654. The login functionality could enable an attacker to guess valid usernames due to a different response time for invalid usernames.
45] CVE-2021-40091 - An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.
46] CVE-2021-40092 - A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.
47] CVE-2021-40093 - A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.
48] CVE-2021-40094 - A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.
49] CVE-2021-40095 - An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.
50] CVE-2021-40096 - A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.
SquaredUp SCOM SU 5.5.1.8414
https://scomsupport.squaredup.com/hc/en-us/articles/8862924445853-Release-Notes-for-Dashboard-Server-SCOM-Edition
51] CVE-2022-46784 - Security Vulnerability - Open redirection
52] CVE-2022-46785 - Prototype pollution leading to XSS
53] CVE-2022-46786 - Stored Cross-Site Scripting
IBM InfoSphere Information Server
54] CVE-2022-47983 - DOM-Based XSS - https://www.ibm.com/support/pages/node/6857695
55] CVE-2022-40753 - DOM-Based XSS - https://www.ibm.com/support/pages/node/6830015
56] CVE-2022-40748 - DOM-Based XSS - https://www.ibm.com/support/pages/node/6695961
Apache Knox
57] CVE-2021-42357 - DOM-Based XSS - https://www.cve.org/CVERecord?id=CVE-2021-42357