Security Vulnerabilities - CVEs Published In October 2018
NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-10-12
NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.
CVSS Score
8.8
EPSS Score
0.04
Published
2018-10-12
NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-10-12
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-10-12
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-12
An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-12
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142431.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-10-12
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-10-12
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-10-12
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.
CVSS Score
7.1
EPSS Score
0.004
Published
2018-10-12