Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2018
CVE-2018-11718
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-08-30
CVE-2018-11719
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.
CVSS Score
4.9
EPSS Score
0.008
Published
2018-08-30
CVE-2018-11720
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal.
CVSS Score
7.5
EPSS Score
0.017
Published
2018-08-30
CVE-2018-16159
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
CVSS Score
9.8
EPSS Score
0.499
Published
2018-08-30
CVE-2018-13823
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
CVSS Score
7.5
EPSS Score
0.019
Published
2018-08-30
CVE-2018-13824
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
CVSS Score
9.8
EPSS Score
0.018
Published
2018-08-30
CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
CVSS Score
6.1
EPSS Score
0.009
Published
2018-08-30
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
CVSS Score
9.1
EPSS Score
0.018
Published
2018-08-30
CVE-2018-15691
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.168
Published
2018-08-30
CVE-2018-13819
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
CVSS Score
7.5
EPSS Score
0.014
Published
2018-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved