Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2020
CVE-2020-4611
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-09-22
CVE-2020-4612
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-09-22
CVE-2020-4613
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-09-22
CVE-2020-4614
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.
CVSS Score
3.7
EPSS Score
0.001
Published
2020-09-22
CVE-2020-4615
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-09-22
CVE-2020-4616
IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-09-22
CVE-2020-4617
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930.
CVSS Score
7.1
EPSS Score
0.001
Published
2020-09-22
CVE-2020-4618
IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-09-22
CVE-2020-24619
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
CVSS Score
5.9
EPSS Score
0.002
Published
2020-09-22
CVE-2020-8887
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).
CVSS Score
7.5
EPSS Score
0.006
Published
2020-09-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved