Security Vulnerabilities - CVEs Published In February 2018
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-02-14
In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-02-14
In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-02-14
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
CVSS Score
6.5
EPSS Score
0.008
Published
2018-02-14
SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-02-14
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-02-14
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.
CVSS Score
6.5
EPSS Score
0.008
Published
2018-02-13
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-02-13
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
CVSS Score
7.5
EPSS Score
0.914
Published
2018-02-13
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
CVSS Score
3.7
EPSS Score
0.657
Published
2018-02-13