Security Vulnerabilities - CVEs Published In March 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not validate user input, which allows a malicious payload to be injected.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2022-03-10
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not validate user input, which allows a malicious payload to be injected.
CVSS Score: 9.4 | EPSS Score: 0.003 | Published: 2022-03-10
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-03-10
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-03-10
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-03-10
There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-03-10
There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-03-10
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-03-10
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-03-10
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-03-10

