Security Vulnerabilities - CVEs Published In February 2022
The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
CVSS Score
8.4
EPSS Score
0.0
Published
2022-02-15
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.
CVSS Score
9.8
EPSS Score
0.023
Published
2022-02-15
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-02-15
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-02-15
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.
CVSS Score
8.8
EPSS Score
0.007
Published
2022-02-15
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-02-15
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CVSS Score
8.8
EPSS Score
0.01
Published
2022-02-15
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
8.8
EPSS Score
0.016
Published
2022-02-15
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-02-15
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-02-15