Intel Data Center Manager vulnerabilities

30 known vulnerabilities affecting intel/data_center_manager.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL2HIGH14MEDIUM14

Vulnerabilities

Page 1 of 2

CVE-2023-31273CRITICALCVSS 9.8fixed in 5.22023-11-14

CVE-2023-31273 [CRITICAL] CWE-693 CVE-2023-31273: Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthentica Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

nvd

CVE-2022-43475HIGHCVSS 7.8fixed in 5.12023-05-10

CVE-2022-43475 [MEDIUM] CWE-922 CVE-2022-43475: Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2022-41979HIGHCVSS 8.8fixed in 5.12023-05-10

CVE-2022-41979 [MEDIUM] CWE-693 CVE-2022-41979: Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authentica Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

nvd

CVE-2022-41998HIGHCVSS 7.8fixed in 5.12023-05-10

CVE-2022-41998 [MEDIUM] CWE-427 CVE-2022-41998: Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2022-40210HIGHCVSS 7.8fixed in 5.0.12023-05-10

CVE-2022-40210 [MEDIUM] CWE-488 CVE-2022-40210: Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow a Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2022-44610HIGHCVSS 8.8fixed in 5.12023-05-10

CVE-2022-44610 [MEDIUM] CWE-287 CVE-2022-44610: Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated u Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

nvd

CVE-2022-44619HIGHCVSS 7.8fixed in 5.12023-05-10

CVE-2022-44619 [HIGH] CWE-922 CVE-2022-44619: Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2022-40685MEDIUMCVSS 6.5fixed in 5.0.12023-05-10

CVE-2022-40685 [MEDIUM] CWE-522 CVE-2022-40685: Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

nvd

CVE-2022-33942HIGHCVSS 8.8fixed in 5.02022-11-11

CVE-2022-33942 [HIGH] CWE-693 CVE-2022-33942: Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenti Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

nvd

CVE-2022-23182HIGHCVSS 8.8fixed in 4.12022-08-18

CVE-2022-23182 [HIGH] CVE-2022-23182: Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

nvd

CVE-2022-21225HIGHCVSS 8.0fixed in 4.12022-08-18

CVE-2022-21225 [HIGH] CVE-2022-21225: Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

nvd

CVE-2022-23403MEDIUMCVSS 5.5fixed in 4.12022-08-18

CVE-2022-23403 [MEDIUM] CWE-20 CVE-2022-23403: Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

nvd

CVE-2022-24378MEDIUMCVSS 5.5fixed in 4.12022-08-18

CVE-2022-24378 [MEDIUM] CWE-665 CVE-2022-24378: Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

nvd

CVE-2020-12345HIGHCVSS 7.8fixed in 3.6.22020-11-12

CVE-2020-12345 [HIGH] CWE-281 CVE-2020-12345: Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3. Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2020-12347HIGHCVSS 8.8fixed in 3.6.22020-11-12

CVE-2020-12347 [HIGH] CWE-20 CVE-2020-12347: Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

nvd

CVE-2020-8669MEDIUMCVSS 6.5fixed in 3.6.22020-11-12

CVE-2020-8669 [MEDIUM] CWE-20 CVE-2020-8669: Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

nvd

CVE-2020-12353MEDIUMCVSS 6.5fixed in 3.6.22020-11-12

CVE-2020-12353 [MEDIUM] CWE-281 CVE-2020-12353: Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an a Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.

nvd

CVE-2020-12349MEDIUMCVSS 6.5fixed in 3.6.22020-11-12

CVE-2020-12349 [MEDIUM] CWE-20 CVE-2020-12349: Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

nvd

CVE-2019-0105HIGHCVSS 7.8fixed in 5.0.22019-02-18

CVE-2019-0105 [HIGH] CWE-863 CVE-2019-0105: Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK befor Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access.

nvd

CVE-2019-0102HIGHCVSS 8.8fixed in 5.0.22019-02-18

CVE-2019-0102 [HIGH] CWE-384 CVE-2019-0102: Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before versio Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

nvd

1 / 2Next →