Perforce: Security Vulnerabilities
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
CVSS Score
6.1
EPSS Score
0.007
Published
2020-02-12
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them
CVSS Score
6.5
EPSS Score
0.003
Published
2018-04-05
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-04-06
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
CVSS Score
4.6
EPSS Score
0.004
Published
2010-03-05
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff.
CVSS Score
5.0
EPSS Score
0.005
Published
2010-03-05
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number.
CVSS Score
5.0
EPSS Score
0.005
Published
2010-03-05
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.
CVSS Score
5.0
EPSS Score
0.005
Published
2010-03-05
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
CVSS Score
5.0
EPSS Score
0.005
Published
2010-03-05
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
CVSS Score
6.8
EPSS Score
0.001
Published
2010-03-05
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
CVSS Score
7.1
EPSS Score
0.006
Published
2010-03-05