Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2020
CVE-2020-15904
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-07-22
CVE-2020-15901
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
CVSS Score
8.8
EPSS Score
0.065
Published
2020-07-22
CVE-2020-15902
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
CVSS Score
6.1
EPSS Score
0.428
Published
2020-07-22
CVE-2020-4369
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
CVSS Score
5.1
EPSS Score
0.0
Published
2020-07-22
CVE-2020-4371
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
CVSS Score
4.0
EPSS Score
0.0
Published
2020-07-22
CVE-2020-4372
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
CVSS Score
6.2
EPSS Score
0.0
Published
2020-07-22
CVE-2020-4385
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-07-22
CVE-2020-4397
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-07-22
CVE-2020-4399
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-07-22
CVE-2020-4400
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-07-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved