Security Vulnerabilities - CVEs Published In September 2023
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
CVSS Score
6.1
EPSS Score
0.435
Published
2023-09-05
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
CVSS Score
7.2
EPSS Score
0.004
Published
2023-09-05
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
CVSS Score
7.2
EPSS Score
0.004
Published
2023-09-05
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-09-05
Aruba AirWave before 8.0.7 allows XSS attacks against an administrator.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-09-05
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-09-05
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-09-05
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.
CVSS Score
8.1
EPSS Score
0.0
Published
2023-09-05
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-09-05
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-05



Shodan ® - All rights reserved