Security Vulnerabilities - CVEs Published In April 2020
BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2020-04-30
BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2020-04-30
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).
CVSS Score: 8.8; EPSS Score: 0.011; Published: 2020-04-30
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address.
CVSS Score: 4.3; EPSS Score: 0.003; Published: 2020-04-30
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2020-04-30
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2020-04-30
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
CVSS Score: 9.8; EPSS Score: 0.772; Published: 2020-04-29
ABBS Software Audio Media Player version 3.1 suffers from an instance of CWE-121: Stack-based Buffer Overflow.
CVSS Score: 7.8; EPSS Score: 0.004; Published: 2020-04-29
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2020-04-29
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').
CVSS Score: 9.8; EPSS Score: 0.013; Published: 2020-04-29

