Security Vulnerabilities - CVEs Published In February 2022
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-02-25
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
CVSS Score
9.1
EPSS Score
0.001
Published
2022-02-25
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-02-25
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-02-25
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-02-25
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-02-25
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-02-25
The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-02-25
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-02-25
The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-02-25

