📦 CMC

by Nozomi Networks

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-40892

HIGH CVSS 8.9 Dec 18, 2025

A stored XSS vulnerability in the Reports functionality allows authenticated users with report privileges to inject malicious JavaScript into reports. When victims view or import these reports, the at...

CVE-2025-40898

HIGH CVSS 8.1 Dec 18, 2025

This path traversal vulnerability allows authenticated users with limited privileges to upload malicious Arc data archives that can write arbitrary files to any location on the system. This could lead...

CVE-2025-40889

HIGH CVSS 8.1 Oct 7, 2025

An authenticated path traversal vulnerability in Time Machine functionality allows limited-privilege users to manipulate files in the /data folder through specially crafted requests. This affects syst...

CVE-2025-40886

HIGH CVSS 7.5 Oct 7, 2025

This SQL injection vulnerability in the Alert functionality allows authenticated users with limited privileges to execute arbitrary SQL commands on the database. This could lead to unauthorized data a...

CVE-2025-3719

HIGH CVSS 8.1 Oct 7, 2025

An access control vulnerability in CLI functionality allows authenticated users with limited privileges to execute administrative commands. This enables unauthorized configuration changes and potentia...

CVE-2023-32649

HIGH CVSS 7.5 Sep 19, 2023

An unauthenticated attacker can cause a denial of service in Nozomi Networks Guardian and CMC by sending specially crafted malformed packets to the Asset Intelligence functionality. This crashes the I...

CVE-2023-29245

HIGH CVSS 8.1 Sep 19, 2023

An unauthenticated SQL injection vulnerability in Nozomi Networks Guardian and CMC allows attackers to execute arbitrary SQL commands via specially crafted network packets targeting the Asset Intellig...

CVE-2023-23574

HIGH CVSS 8.8 Aug 9, 2023

This is a blind SQL injection vulnerability in Nozomi Networks Guardian and CMC products that allows authenticated attackers to execute arbitrary SQL statements on the underlying database. Attackers c...

CVE-2023-22378

HIGH CVSS 8.8 Aug 9, 2023

This CVE describes a blind SQL injection vulnerability in Nozomi Networks Guardian and CMC products. Authenticated attackers can execute arbitrary SQL statements due to improper input validation in th...

CVE-2023-24477

HIGH CVSS 7.0 Aug 9, 2023

This vulnerability allows an authenticated local attacker to potentially access another user's session after logout in Guardian/CMC software. The issue occurs under specific timing conditions when usi...

CVE-2022-4259

HIGH CVSS 8.8 May 4, 2023

This SQL injection vulnerability in Nozomi Networks Guardian and CMC allows authenticated attackers to execute arbitrary SQL queries on the underlying database. Attackers could potentially read, modif...

CVE-2022-0550

HIGH CVSS 7.2 Mar 24, 2022

This vulnerability allows authenticated attackers with admin or report manager roles to execute arbitrary commands on Nozomi Networks Guardian and CMC appliances through improper input validation in c...

CVE-2025-40895

MEDIUM CVSS 4.8 Mar 4, 2026

A stored HTML injection vulnerability in CMC's Sensor Map allows authenticated administrators on connected Guardian devices to inject malicious HTML into Guardian properties. When CMC users interact w...

CVE-2025-40891

MEDIUM CVSS 4.7 Dec 18, 2025

A stored HTML injection vulnerability in Time Machine Snapshot Diff functionality allows unauthenticated attackers to inject HTML tags into asset attributes across two snapshots. When victims use the ...

CVE-2025-40893

MEDIUM CVSS 6.1 Dec 18, 2025

An unauthenticated attacker can inject HTML into asset attributes by sending crafted network packets to the Asset List functionality. When users view affected assets, the injected HTML renders in thei...

CVE-2025-40885

MEDIUM CVSS 5.3 Oct 7, 2025

A SQL injection vulnerability in the Smart Polling functionality allows authenticated users with limited privileges to execute arbitrary SELECT SQL statements. This could expose unauthorized data from...

CVE-2025-40888

MEDIUM CVSS 5.3 Oct 7, 2025

An authenticated SQL injection vulnerability in CLI functionality allows limited-privilege users to execute arbitrary SELECT statements against the database. This exposes sensitive data that should be...