Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2017
CVE-2017-14947
Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."
CVSS Score
7.8
EPSS Score
0.004
Published
2017-09-30
CVE-2017-13684
Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-30
CVE-2017-13982
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
CVSS Score
8.8
EPSS Score
0.033
Published
2017-09-30
CVE-2017-13983
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
CVSS Score
9.8
EPSS Score
0.2
Published
2017-09-30
CVE-2017-13984
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
CVSS Score
6.5
EPSS Score
0.017
Published
2017-09-30
CVE-2017-13985
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-09-30
CVE-2017-13986
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-09-30
CVE-2017-13987
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-09-30
CVE-2017-13988
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-09-30
CVE-2017-13989
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
CVSS Score
8.1
EPSS Score
0.003
Published
2017-09-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved