Security Vulnerabilities - CVEs Published In March 2023
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root-level privileges on the Linux instance.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-03-22
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an authenticated attacker to gain access to sensitive account information.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-03-22
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
CVSS Score
7.5
EPSS Score
0.174
Published
2023-03-22
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
CVSS Score
9.8
EPSS Score
0.719
Published
2023-03-22
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
CVSS Score
7.5
EPSS Score
0.547
Published
2023-03-22
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.
CVSS Score
9.1
EPSS Score
0.022
Published
2023-03-22
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2023-03-21
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2023-03-21
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2023-03-21
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2023-03-21

