Security Vulnerabilities - CVEs Published In October 2019
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418.
CVSS Score: 5.9
EPSS Score: 0.001
Published: 2019-10-29
After installing the IBM Maximo Health, Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2019-10-29
IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2019-10-29
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2019-10-29
CVE-2019-18187
Known exploited
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.
CVSS Score: 7.5
EPSS Score: 0.719
Published: 2019-10-28
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.
CVSS Score: 7.5
EPSS Score: 0.027
Published: 2019-10-28
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2019-10-28
An XML External Entity Injection vulnerability exists in Dzone AnswerHub.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2019-10-28
Python keyring lib before 0.10 created keyring files with world-readable permissions.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2019-10-28
A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.
CVSS Score: 9.8
EPSS Score: 0.475
Published: 2019-10-28

