Security Vulnerabilities - CVEs Published In June 2021
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
CVSS Score: 7.5 | EPSS Score: 0.074 | Published: 2021-06-29
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2021-06-29
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-06-29
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-06-29
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-06-29
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.
CVSS Score: 8.1 | EPSS Score: 0.013 | Published: 2021-06-29
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-06-29
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196949.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-06-29
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.
CVSS Score: 4.0 | EPSS Score: 0.0 | Published: 2021-06-29
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2021-06-29

