Security Vulnerabilities - CVEs Published In May 2022
In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-17
In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-17
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-17
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enable an attacker with local, administrative access to the CLI to modify affected files and escalate privileges to the equivalent of the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVSS Score
4.4
EPSS Score
0.001
Published
2022-05-17
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enable an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVSS Score
3.9
EPSS Score
0.005
Published
2022-05-17
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited.
CVSS Score
8.6
EPSS Score
0.478
Published
2022-05-17
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView versions prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-05-17
Vulnerability in rconfig “date” enables an attacker with user-level access to the CLI to inject root-level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVSS Score
8.8
EPSS Score
0.009
Published
2022-05-17
Vulnerability in rconfig “cert_utils” enables an attacker with user-level access to the CLI to inject root-level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVSS Score
8.8
EPSS Score
0.009
Published
2022-05-17
Vulnerability in rconfig “remote_text_file” enables an attacker with user-level access to the CLI to inject user-level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-05-17