Security Vulnerabilities - CVEs Published In December 2023
A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.
CVSS Score
4.1
EPSS Score
0.0
Published
2023-12-20
Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device.
CVSS Score
9.6
EPSS Score
0.001
Published
2023-12-20
A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-12-20
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-12-20
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-12-20
DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-12-20
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-12-20
An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-12-20
EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-19
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-12-19