Security Vulnerabilities - CVEs Published In September 2017
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-09-19
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
CVSS Score: 9.8 | EPSS Score: 0.028 | Published: 2017-09-19
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
CVSS Score: 5.3 | EPSS Score: 0.134 | Published: 2017-09-19
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
CVSS Score: 9.8 | EPSS Score: 0.286 | Published: 2017-09-19
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-09-19
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
CVSS Score: 9.8 | EPSS Score: 0.682 | Published: 2017-09-19
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
CVSS Score: 7.2 | EPSS Score: 0.065 | Published: 2017-09-19
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2017-09-19
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2017-09-19
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2017-09-19

Shodan ® - All rights reserved