Security Vulnerabilities - CVEs Published In April 2022
IBM Sterling Partner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations on another user's data. IBM X-Force ID: 218871.
CVSS Score
6.2
EPSS Score
0.0
Published
2022-04-01
IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details due to an insecure direct object reference (IDOR) vulnerability. IBM X-Force ID: 219130.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-04-01
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to a missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.
CVSS Score
5.6
EPSS Score
0.002
Published
2022-04-01
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-04-01
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.
CVSS Score
8.1
EPSS Score
0.004
Published
2022-04-01
All versions of pagekit, as of 15-10-2021, are vulnerable to SQL Injection via Comment listing.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-01
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.
CVSS Score
6.1
EPSS Score
0.043
Published
2022-04-01
An Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
CVSS Score
8.3
EPSS Score
0.001
Published
2022-04-01
Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.
CVSS Score
9.1
EPSS Score
0.028
Published
2022-04-01
Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVSS Score
7.8
EPSS Score
0.0
Published
2022-04-01

