Security Vulnerabilities - CVEs Published In May 2024
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.
CVSS Score
9.4
EPSS Score
0.0
Published
2024-05-08
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-08
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.
CVSS Score
9.4
EPSS Score
0.0
Published
2024-05-08
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-08
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-05-08
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-05-08
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
7.5
EPSS Score
0.894
Published
2024-05-08
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0,
the attackers can bypass using malicious parameters.
Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.
[1] https://github.com/apache/inlong/pull/9694
[2] https://github.com/apache/inlong/pull/9707
CVSS Score
9.8
EPSS Score
0.003
Published
2024-05-08
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
4.7
EPSS Score
0.005
Published
2024-05-08
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.5
EPSS Score
0.871
Published
2024-05-08