A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database.ĭell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.ĭell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user.ĭell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability.
The response to the request is not available to the attacker, i.e., this is blind SSRF.Ĭertain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine.
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3.