Intel Data Center Manager

Protection mechanism failure in some Intel DCM software before version 5.2 may

CVE-2023-31273 9.8 - Critical - November 14, 2023

Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Improper Privilege Management

Uncontrolled search path in the Intel(R) DCM software before version 5.1 may

CVE-2022-41998 7.8 - High - May 10, 2023

Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may

CVE-2022-44619 7.8 - High - May 10, 2023

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Insecure Storage of Sensitive Information

Protection mechanism failure in the Intel(R) DCM software before version 5.1 may

CVE-2022-41979 8.8 - High - May 10, 2023

Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may

CVE-2022-43475 7.8 - High - May 10, 2023

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Insecure Storage of Sensitive Information

Improper authentication in the Intel(R) DCM software before version 5.1 may

CVE-2022-44610 8.8 - High - May 10, 2023

Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

authentification

Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may

CVE-2022-40210 7.8 - High - May 10, 2023

Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Exposure of Resource to Wrong Sphere

Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may

CVE-2022-40685 6.5 - Medium - May 10, 2023

Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

Insufficiently Protected Credentials

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may

CVE-2022-33942 8.8 - High - November 11, 2022

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may

CVE-2022-23403 5.5 - Medium - August 18, 2022

Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

Improper Input Validation

Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may

CVE-2022-24378 5.5 - Medium - August 18, 2022

Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

Improper Initialization

Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may

CVE-2022-21225 8 - High - August 18, 2022

Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Improper access control in the Intel(R) Data Center Manager software before version 4.1 may

CVE-2022-23182 8.8 - High - August 18, 2022

Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2

CVE-2021-44228 10 - Critical - December 10, 2021

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Improper Input Validation

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may

CVE-2020-12349 6.5 - Medium - November 12, 2020

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

Improper Input Validation

Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may

CVE-2020-12353 6.5 - Medium - November 12, 2020

Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.

Improper Preservation of Permissions

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may

CVE-2020-12347 8.8 - High - November 12, 2020

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

Improper Input Validation

Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may

CVE-2020-12345 7.8 - High - November 12, 2020

Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Preservation of Permissions

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may

CVE-2020-8669 6.5 - Medium - November 12, 2020

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

Improper Input Validation

Improper flow control in crypto routines for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0112 4.4 - Medium - February 18, 2019

Improper flow control in crypto routines for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access.

Improper Input Validation

Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0111 5.5 - Medium - February 18, 2019

Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

Incorrect Permission Assignment for Critical Resource

Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0110 5.5 - Medium - February 18, 2019

Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0109 7.8 - High - February 18, 2019

Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0108 5.5 - Medium - February 18, 2019

Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.

Incorrect Permission Assignment for Critical Resource

Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0107 6.7 - Medium - February 18, 2019

Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.

Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0106 6.7 - Medium - February 18, 2019

Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.

Improper Input Validation

Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0105 7.8 - High - February 18, 2019

Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access.

AuthZ

Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0104 5.5 - Medium - February 18, 2019

Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0103 5.5 - Medium - February 18, 2019

Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may

CVE-2019-0102 8.8 - High - February 18, 2019

Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Session Fixation

Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may

CVE-2018-3679 9.6 - Critical - September 12, 2018

Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.