Security Vulnerabilities - CVEs Published In September 2017
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2017-09-30
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2017-09-30
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2017-09-30
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2017-09-30
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
CVSS Score: 9.8 | EPSS Score: 0.026 | Published: 2017-09-30
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2017-09-30
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2017-09-30
SmarterStats version 11.3.6347 renders the Referer field of HTTP log files at the URL /Data/Reports/ReferringURLsWithQueries, resulting in stored cross-site scripting.
CVSS Score: 6.1 | EPSS Score: 0.013 | Published: 2017-09-30
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
CVSS Score: 9.8 | EPSS Score: 0.124 | Published: 2017-09-30
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
CVSS Score: 9.8 | EPSS Score: 0.063 | Published: 2017-09-30

