Server Automation
by Microfocus
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5638 | Cri | 0.86 | 9.8 | 1.00 | KEV | Mar 11, 2017 | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,… | |
| CVE-2017-9453 | 0.00 | — | 0.01 | Sep 5, 2023 | BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | |||
| CVE-2021-29238 | 0.00 | — | 0.01 | May 3, 2021 | CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). |
- risk 0.86cvss 9.8epss 1.00
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,…
- CVE-2017-9453Sep 5, 2023risk 0.00cvss —epss 0.01
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
- CVE-2021-29238May 3, 2021risk 0.00cvss —epss 0.01
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).