Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2021
CVE-2020-4909
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-01-04
CVE-2020-4910
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-01-04
CVE-2020-4912
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.
CVSS Score
4.7
EPSS Score
0.003
Published
2021-01-04
CVE-2020-4913
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
CVSS Score
4.4
EPSS Score
0.0
Published
2021-01-04
CVE-2020-4916
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-01-04
CVE-2020-4917
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-01-04
CVE-2020-28464
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-01-04
CVE-2020-7771
The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-01-04
CVE-2019-16956
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
CVSS Score
5.4
EPSS Score
0.019
Published
2021-01-04
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
CVSS Score
5.4
EPSS Score
0.019
Published
2021-01-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved