Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2020
CVE-2020-6301
SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-08-12
CVE-2020-6309
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-08-12
CVE-2020-6310
Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.
CVSS Score
4.3
EPSS Score
0.004
Published
2020-08-12
CVE-2020-17496
Known exploited
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
CVSS Score
9.8
EPSS Score
0.94
Published
2020-08-12
CVE-2020-2229
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.039
Published
2020-08-12
CVE-2020-2230
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
CVSS Score
5.4
EPSS Score
0.012
Published
2020-08-12
CVE-2020-2231
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-08-12
CVE-2020-2232
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-08-12
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-12
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved