Security Vulnerabilities - CVEs Published In December 2019
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2019-12-11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
CVSS Score
9.8
EPSS Score
0.014
Published
2019-12-11
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-11
SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-12-11
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-11
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-11
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.005
Published
2019-12-11
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-12-11
SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-12-11
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.
CVSS Score
4.4
EPSS Score
0.001
Published
2019-12-11