Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2023
CVE-2023-4501
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-12
CVE-2023-38164
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS Score
7.6
EPSS Score
0.002
Published
2023-09-12
CVE-2023-41764
Microsoft Office Spoofing Vulnerability
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-12
CVE-2023-38162
DHCP Server Service Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.069
Published
2023-09-12
CVE-2023-38163
Windows Defender Attack Surface Reduction Security Feature Bypass
CVSS Score
7.8
EPSS Score
0.004
Published
2023-09-12
CVE-2023-38161
Windows GDI Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-12
CVE-2023-38156
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability
CVSS Score
7.2
EPSS Score
0.002
Published
2023-09-12
CVE-2023-38160
Windows TCP/IP Information Disclosure Vulnerability
CVSS Score
5.5
EPSS Score
0.002
Published
2023-09-12
CVE-2023-38155
Azure DevOps Server Remote Code Execution Vulnerability
CVSS Score
7.0
EPSS Score
0.014
Published
2023-09-12
CVE-2023-38147
Windows Miracast Wireless Display Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.001
Published
2023-09-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved