Vulnerabilities / CVEs

This page provides details of some of the vulnerabilities I’ve identified and reported to vendors down the years.

CVE-2021-20477
IBM Planning Analytics Local – Cross-Site Scripting (XSS) Vulnerability
IBM Advisory: https://www.ibm.com/support/pages/node/6462331
NIST CVE Record: https://nvd.nist.gov/vuln/detail/CVE-2021-20477

June 2020
Parallels RAS Username Enumeration Flaw
Parallels RAS Release Notes: https://kb.parallels.com/en/124713
Blog Post: https://www.attackdebris.com/?p=602

CVE-2019-17360
A Denial of Service (DoS) Vulnerability in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
Hitachi Advisory: https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-125/
NIST CVE Record: https://nvd.nist.gov/vuln/detail/CVE-2019-17360

CVE-2018-21026
Information Disclosure Vulnerability in Hitachi Command Suite
Hitachi Advisory: https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-124/
NIST CVE Record: https://nvd.nist.gov/vuln/detail/CVE-2018-21026

CVE-2017-6225
Brocade Fabric OS Cross-Site Scripting (XSS) Vulnerability
Broadcom Advisory: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525
NIST CVE Record: https://nvd.nist.gov/vuln/detail/CVE-2017-6225

CVE-2015-1429
Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation
Cybelesoft Advisory: https://www.cybelesoft.com/blog/cybele-software-inc-security-bulletin-2/
NIST CVE Record: https://nvd.nist.gov/vuln/detail/CVE-2015-1429