Security Vulnerabilities - CVEs Published In September 2022
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-09-09
An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-09-09
An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be possible.
CVSS Score: 6.1 | EPSS Score: 0.021 | Published: 2022-09-09
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
CVSS Score: 5.4 | EPSS Score: 0.026 | Published: 2022-09-09
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2022-09-09
aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-09-09
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x.
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2022-09-09
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate the user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2022-09-09
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-09-09
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.
CVSS Score: 4.9 | EPSS Score: 0.002 | Published: 2022-09-09