VARIoT IoT vulnerabilities database
| VAR-202111-0082 | CVE-2021-31601 | Hitachi Vantara Pentaho and Pentaho Business Intelligence Server Vulnerability in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials
| VAR-202111-0080 | CVE-2021-34684 | Hitachi Vantara Pentaho Business Analytic In SQL Injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. Hitachi Vantara Pentaho Business Analytic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202111-0079 | CVE-2021-34685 | Hitachi Vantara Pentaho Business Analytic Vulnerability in unlimited upload of dangerous types of files in |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). Hitachi Vantara Pentaho Business Analytic Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202111-0058 | CVE-2021-42698 | DAQFactory Untrusted Data Deserialization Vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory. DAQFactory There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications.
A deserialization vulnerability exists in DAQFactory 18.1 Build 2347 and earlier
| VAR-202111-0012 | CVE-2021-42701 | DAQFactory Vulnerability in data modification that is assumed to be immutable in |
CVSS V2: 2.6 CVSS V3: 6.3 Severity: MEDIUM |
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account. DAQFactory There is a vulnerability in data modification that is supposed to be immutable.Information may be obtained and information may be tampered with. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications.
A man-in-the-middle attack vulnerability exists in DAQFactory 18.1 Build 2347 and earlier
| VAR-202111-0013 | CVE-2021-42699 | DAQFactory Vulnerability in plaintext transmission of important information in |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. DAQFactory Contains a vulnerability in the transmission of important information in clear text.Information may be obtained. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications.
A plaintext transmission vulnerability exists in DAQFactory 18.1 Build 2347 and earlier
| VAR-202111-0183 | CVE-2021-29843 | IBM MQ Security hole |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.
| VAR-202111-0047 | CVE-2021-25508 | SmartThings Vulnerability in privilege management in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. SmartThings Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Samsung SmartThings is an application developed by Samsung of South Korea that can connect smart devices.
Samsung SmartThings versions prior to 1.7.73.22 have a permission management vulnerability
| VAR-202111-1784 | CVE-2021-39990 | HarmonyOS Out-of-bounds write vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience. HarmonyOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Attackers can exploit this vulnerability to affect user availability
| VAR-202111-1783 | CVE-2021-39989 | HarmonyOS Illegal type conversion vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart. HarmonyOS Exists in a vulnerability related to illegal type conversion.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS HwNearbyMain
| VAR-202111-1782 | CVE-2021-39988 | HarmonyOS In NULL Pointer dereference vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has security vulnerabilities
| VAR-202111-1781 | CVE-2021-39985 | HarmonyOS Vulnerability in array index validation in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has security vulnerabilities
| VAR-202111-1774 | CVE-2021-39987 | HarmonyOS Vulnerability regarding mix-ups in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. HarmonyOS contains a type confusion vulnerability.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has security vulnerabilities
| VAR-202111-1773 | CVE-2021-39984 | HarmonyOS Out-of-bounds read vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerability may cause Denial of Service. HarmonyOS Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has security vulnerabilities
| VAR-202111-1772 | CVE-2021-39983 | HarmonyOS Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS HwNearbyMain
| VAR-202111-1771 | CVE-2021-39977 | HarmonyOS In NULL Pointer dereference vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart
| VAR-202111-1770 | CVE-2021-39969 | plural Huawei Vulnerability related to resource leakage to the wrong area in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. plural Huawei Smartphone products contain a resource disclosure vulnerability to the wrong area.Information may be obtained
| VAR-202111-1768 | CVE-2021-39973 | plural Huawei in smartphone products NULL Pointer dereference vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a Null pointer dereference in Smartphones.Successful exploitation of this vulnerability may cause the kernel to break down. plural Huawei For smartphone products, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
| VAR-202111-1765 | CVE-2021-37112 | HarmonyOS Vulnerability in externally controllable references to resources in another region of |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak. HarmonyOS Exists in a vulnerability in externally controllable references to resources in another region.Information may be tampered with
| VAR-202111-1766 | CVE-2021-39966 | plural Huawei Vulnerability related to insufficient initialization of resources in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. plural Huawei Smartphone products contain a resource initialization vulnerability.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. An attacker could exploit this vulnerability to compromise confidentiality