Security Vulnerabilities - CVEs Published In March 2023
MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html.
CVSS Score
8.1
EPSS Score
0.0
Published
2023-03-28
A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
CVSS Score
4.8
EPSS Score
0.001
Published
2023-03-28
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
CVSS Score
6.7
EPSS Score
0.035
Published
2023-03-28
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0
Description: Attacker can elevate their privileges in any room
CVSS Score
9.8
EPSS Score
0.002
Published
2023-03-28
A vulnerability exists in the SDM600 API web services authorization validation implementation.
An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
CVSS Score
7.7
EPSS Score
0.001
Published
2023-03-28
A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
CVSS Score
7.5
EPSS Score
0.001
Published
2023-03-28
A vulnerability exists in the SDM600 file permission validation.
An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
CVSS Score
9.9
EPSS Score
0.003
Published
2023-03-28
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.
Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.
This issue affects Apache Fineract: from 1.4 through 1.8.3.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract.
Authorized users may be able to change or add data in certain components.
This issue affects Apache Fineract: from 1.4 through 1.8.2.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract.
Authorized users may be able to exploit this for limited impact on components.
This issue affects apache fineract: from 1.4 through 1.8.2.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-03-28