Security Vulnerabilities - CVEs Published In July 2022
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.041
Published
2022-07-07
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-07-07
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
CVSS Score
8.8
EPSS Score
0.162
Published
2022-07-07
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-07-07
EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry.
CVSS Score
6.1
EPSS Score
0.011
Published
2022-07-07
The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-07-07
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.
CVSS Score
7.3
EPSS Score
0.003
Published
2022-07-07
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
CVSS Score
9.1
EPSS Score
0.008
Published
2022-07-07
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-07-06
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.
CVSS Score
4.9
EPSS Score
0.002
Published
2022-07-06