Security Vulnerabilities - CVEs Published In March 2019
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-03-25
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03. This vulnerability could allow remote arbitrary code execution.
CVSS Score: 9.8 | EPSS Score: 0.018 | Published: 2019-03-25
Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.
CVSS Score: 9.8 | EPSS Score: 0.074 | Published: 2019-03-25
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-03-25
Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.
CVSS Score: 7.1 | EPSS Score: 0.004 | Published: 2019-03-25
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.
CVSS Score: 6.5 | EPSS Score: 0.021 | Published: 2019-03-25
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2019-03-25
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2019-03-25
Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2019-03-25
GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-03-25

