Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2020
CVE-2020-13380
openSIS before 7.4 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-07-01
CVE-2020-13381
openSIS through 7.4 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.46
Published
2020-07-01
CVE-2020-13382
openSIS through 7.4 has Incorrect Access Control.
CVSS Score
9.1
EPSS Score
0.586
Published
2020-07-01
CVE-2020-13383
openSIS through 7.4 allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.421
Published
2020-07-01
CVE-2019-4676
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.
CVSS Score
6.3
EPSS Score
0.001
Published
2020-07-01
CVE-2019-4704
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.
CVSS Score
3.7
EPSS Score
0.001
Published
2020-07-01
CVE-2019-4705
IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.
CVSS Score
2.7
EPSS Score
0.001
Published
2020-07-01
CVE-2019-4706
IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.
CVSS Score
2.7
EPSS Score
0.001
Published
2020-07-01
CVE-2020-12604
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-07-01
CVE-2020-12605
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-07-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved