Tripwire
Products
3- 4 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6237 | Cri | 0.64 | 9.8 | 0.02 | Dec 27, 2017 | The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." | ||
| CVE-2024-4332 | Cri | 0.61 | — | 0.01 | Jun 3, 2024 | An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is… | ||
| CVE-2013-5005 | 0.00 | — | 0.01 | Jan 29, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params… | |||
| CVE-2008-0578 | 0.00 | — | 0.01 | Feb 5, 2008 | Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2004-0536 | 0.00 | — | 0.00 | Aug 6, 2004 | Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report. | |||
| CVE-2001-0774 | 0.00 | — | 0.00 | Oct 18, 2001 | Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files. | |||
| CVE-1999-0464 | 0.00 | — | 0.00 | Jan 4, 1999 | Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. |
- risk 0.64cvss 9.8epss 0.02
The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."
- risk 0.61cvss —epss 0.01
An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is…
- CVE-2013-5005Jan 29, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params…
- CVE-2008-0578Feb 5, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2004-0536Aug 6, 2004risk 0.00cvss —epss 0.00
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
- CVE-2001-0774Oct 18, 2001risk 0.00cvss —epss 0.00
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files.
- CVE-1999-0464Jan 4, 1999risk 0.00cvss —epss 0.00
Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.