Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2019
CVE-2019-3428
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-11-22
CVE-2019-4214
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.
CVSS Score
3.7
EPSS Score
0.002
Published
2019-11-22
CVE-2019-4215
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-22
CVE-2019-4216
IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.
CVSS Score
4.6
EPSS Score
0.001
Published
2019-11-22
CVE-2019-4243
IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.
CVSS Score
5.1
EPSS Score
0.001
Published
2019-11-22
CVE-2019-4569
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166719.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-22
CVE-2019-4570
IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.
CVSS Score
3.7
EPSS Score
0.003
Published
2019-11-22
CVE-2015-5694
Designate does not enforce the DNS protocol limit concerning record set sizes
CVSS Score
6.5
EPSS Score
0.009
Published
2019-11-22
CVE-2015-7810
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
CVSS Score
4.7
EPSS Score
0.001
Published
2019-11-22
CVE-2012-3407
plow has local buffer overflow vulnerability
CVSS Score
7.8
EPSS Score
0.002
Published
2019-11-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved