Security Vulnerabilities - CVEs Published In April 2022
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-27
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-04-27
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.
CVSS Score
5.4
EPSS Score
0.007
Published
2022-04-27
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-04-27
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
CVSS Score
8.8
EPSS Score
0.021
Published
2022-04-27
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-27
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.
CVSS Score
8.8
EPSS Score
0.047
Published
2022-04-27
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-04-27
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-04-27
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-04-27