Security Vulnerabilities - CVEs Published In June 2021
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2021-06-10
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2021-06-10
Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2021-06-10
PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2021-06-10
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2021-06-10
SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2021-06-10
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2021-06-10
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2021-06-10
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2021-06-10
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2021-06-10

