Security Vulnerabilities - CVEs Published In March 2020
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
CVSS Score: 6.1 | EPSS Score: 0.021 | Published: 2020-03-16

An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2020-03-16

Contao before 4.5.7 has XSS in the system log.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-03-16

Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2020-03-16

Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-03-16

Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2020-03-16

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack.
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2020-03-16

HTTP methods revealed in Web services vulnerability in Micro Focus Service Manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2020-03-16

TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2020-03-16

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2020-03-16



Shodan ® - All rights reserved