Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2021
CVE-2021-26858
Known exploited
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.551
Published
2021-03-03
CVE-2021-27065
Known exploited
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.943
Published
2021-03-03
CVE-2021-27078
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
9.1
EPSS Score
0.326
Published
2021-03-03
CVE-2021-26412
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
9.1
EPSS Score
0.242
Published
2021-03-03
CVE-2020-12527
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-03-02
CVE-2020-12528
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-03-02
CVE-2020-12529
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.
CVSS Score
5.8
EPSS Score
0.002
Published
2021-03-02
CVE-2020-12530
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-03-02
CVE-2021-21255
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.
CVSS Score
5.8
EPSS Score
0.003
Published
2021-03-02
CVE-2021-21258
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.
CVSS Score
6.8
EPSS Score
0.003
Published
2021-03-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved