Management Console
by Teraway
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-19469 | Hig | 0.57 | 8.8 | 0.01 | Dec 1, 2019 | In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. | ||
| CVE-2017-20121 | Hig | 0.51 | 7.8 | 0.00 | Jun 30, 2022 | A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch… | ||
| CVE-2018-10934 | Med | 0.35 | 5.4 | 0.01 | Mar 27, 2019 | A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. | ||
| CVE-2018-2370 | Med | 0.35 | 5.3 | 0.01 | Feb 14, 2018 | Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | ||
| CVE-2024-42919 | 0.01 | — | 0.01 | Aug 20, 2024 | eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. | |||
| CVE-2024-3509 | 0.00 | — | 0.00 | Jun 2, 2025 | A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account… | |||
| CVE-2024-21957 | 0.00 | — | 0.00 | Nov 12, 2024 | Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
- risk 0.57cvss 8.8epss 0.01
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
- risk 0.51cvss 7.8epss 0.00
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch…
- risk 0.35cvss 5.4epss 0.01
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
- risk 0.35cvss 5.3epss 0.01
Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server.
- CVE-2024-42919Aug 20, 2024risk 0.01cvss —epss 0.01
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.
- CVE-2024-3509Jun 2, 2025risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account…
- CVE-2024-21957Nov 12, 2024risk 0.00cvss —epss 0.00
Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.