Vulnerabilities > NEC > Expresscluster X > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-17 CVE-2023-39544 Missing Authorization vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-862
8.8
2023-11-17 CVE-2023-39545 Files or Directories Accessible to External Parties vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-552
8.8
2023-11-17 CVE-2023-39546 Unspecified vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec
8.8
2023-11-17 CVE-2023-39547 Authentication Bypass by Capture-replay vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-294
8.8
2023-11-17 CVE-2023-39548 Unrestricted Upload of File with Dangerous Type vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-434
8.8
2021-11-03 CVE-2021-20705 Improper Input Validation vulnerability in NEC products
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
network
low complexity
nec CWE-20
7.5
2021-11-03 CVE-2021-20706 Improper Input Validation vulnerability in NEC products
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
network
low complexity
nec CWE-20
7.5
2021-11-03 CVE-2021-20707 Improper Input Validation vulnerability in NEC products
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network..
network
low complexity
nec CWE-20
7.5
2020-09-10 CVE-2020-17408 Unspecified vulnerability in NEC Expresscluster X 4.1/4.2
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1.
network
low complexity
nec
7.5
2016-01-30 CVE-2016-1145 Path Traversal vulnerability in NEC Expresscluster X 3.3
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
nec CWE-22
7.5