Security Vulnerabilities - CVEs Published In February 2023
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402.
CVSS Score: 5.9 | EPSS Score: 0.0 | Published: 2023-02-17
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-02-17
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684.
CVSS Score: 4.6 | EPSS Score: 0.001 | Published: 2023-02-17
Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-02-17
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-02-17
An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-02-17
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection. This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.
CVSS Score: 5.7 | EPSS Score: 0.002 | Published: 2023-02-17
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-02-17
Buffer Overflow vulnerability in Saltstack v.3003 and before allows an attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input.
CVSS Score: 9.8 | EPSS Score: 0.016 | Published: 2023-02-17
An issue in HTACG HTML Tidy v5.7.28 allows an attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-02-17