Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2020
CVE-2020-6190
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.
CVSS Score
5.8
EPSS Score
0.003
Published
2020-02-12
CVE-2020-6191
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
CVSS Score
7.2
EPSS Score
0.004
Published
2020-02-12
CVE-2020-6192
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
CVSS Score
7.2
EPSS Score
0.002
Published
2020-02-12
CVE-2020-6193
SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-02-12
CVE-2011-2343
The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer.
CVSS Score
2.4
EPSS Score
0.0
Published
2020-02-12
CVE-2011-2499
Mambo CMS through 4.6.5 has multiple XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-12
CVE-2011-3336
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
CVSS Score
7.5
EPSS Score
0.236
Published
2020-02-12
CVE-2011-3901
Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-02-12
CVE-2020-6177
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-12
CVE-2020-6181
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.
CVSS Score
5.8
EPSS Score
0.003
Published
2020-02-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved