Security Vulnerabilities - CVEs Published In November 2022
A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score: 10.0 | EPSS Score: 0.003 | Published: 2022-11-12
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
CVSS Score: 9.8 | EPSS Score: 0.625 | Published: 2022-11-12
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671).
CVSS Score: 9.8 | EPSS Score: 0.625 | Published: 2022-11-12
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2022-11-12
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-11-12
CBRN-Analysis before 22 allows XXE attacks via an mws XML document, leading to NTLMv2-SSP hash disclosure.
CVSS Score: 3.8 | EPSS Score: 0.001 | Published: 2022-11-12
CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation.
CVSS Score: 5.9 | EPSS Score: 0.0 | Published: 2022-11-12
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2022-11-11
Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-11-11
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2022-11-11
Shodan ® - All rights reserved