Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2018
CVE-2018-11718
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-08-30
CVE-2018-11719
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.
CVSS Score
4.9
EPSS Score
0.002
Published
2018-08-30
CVE-2018-11720
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-30
CVE-2018-16159
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
CVSS Score
9.8
EPSS Score
0.664
Published
2018-08-30
CVE-2018-13823
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-08-30
CVE-2018-13824
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-08-30
CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-30
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
CVSS Score
9.1
EPSS Score
0.005
Published
2018-08-30
CVE-2018-15691
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.481
Published
2018-08-30
CVE-2018-13819
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved