Security Vulnerabilities - CVEs Published In January 2022
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-01-26
IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256.
CVSS Score: 2.2 | EPSS Score: 0.001 | Published: 2022-01-26
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.
CVSS Score: 7.2 | EPSS Score: 0.005 | Published: 2022-01-26
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.
CVSS Score: 7.2 | EPSS Score: 0.024 | Published: 2022-01-26
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
CVSS Score: 7.2 | EPSS Score: 0.034 | Published: 2022-01-26
mingSoft MCMS (https://gitee.com/mingSoft/MCMS) <=5.2.5 is affected by SQL injection in the component net.mingsoft.mdiy.action.web.DictAction#list. The impact is remote disclosure of sensitive information. The reported attack vector is the payload 0 or sleep(3), a boolean/time-based probe. Through this SQL injection an attacker can read sensitive information from the database.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-01-26
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.
CVSS Score: 9.8 | EPSS Score: 0.064 | Published: 2022-01-26
BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2022-01-26
BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example, JohnDoe@example.com would become /members/johndoeexample-com, and Jo.test@example.com would become /members/jo-testexample-com. The members list is available to everyone and (in a default configuration) often without authentication. It is therefore trivial to collect a list of email addresses.
CVSS Score: 5.3 | EPSS Score: 0.008 | Published: 2022-01-26
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
CVSS Score: 7.2 | EPSS Score: 0.037 | Published: 2022-01-26
Shodan ® - All rights reserved