Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2021
CVE-2021-30178
An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-07
CVE-2021-27900
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.
CVSS Score
8.1
EPSS Score
0.002
Published
2021-04-06
CVE-2020-13420
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.
CVSS Score
9.8
EPSS Score
0.021
Published
2021-04-06
CVE-2020-13421
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-04-06
CVE-2020-13422
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
CVSS Score
8.1
EPSS Score
0.001
Published
2021-04-06
CVE-2021-22157
Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-04-06
CVE-2021-22158
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.
CVSS Score
7.2
EPSS Score
0.002
Published
2021-04-06
CVE-2021-27899
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected.
CVSS Score
7.4
EPSS Score
0.001
Published
2021-04-06
CVE-2020-13418
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-04-06
CVE-2020-13419
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-04-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved