Security Vulnerabilities - CVEs Published In March 2018
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-03-26
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
CVSS Score
6.1
EPSS Score
0.014
Published
2018-03-26
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
CVSS Score
9.8
EPSS Score
0.009
Published
2018-03-26
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
CVSS Score
9.8
EPSS Score
0.168
Published
2018-03-26
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-03-26
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.
CVSS Score
7.4
EPSS Score
0.001
Published
2018-03-26
The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938.
CVSS Score
3.3
EPSS Score
0.0
Published
2018-03-26
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-03-26
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-03-26
IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force ID: 107780.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-03-26