Security Vulnerabilities - CVEs Published In 2016
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2016-10-13
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2016-10-13
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2016-10-13
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
CVSS Score: 7.5; EPSS Score: 0.006; Published: 2016-10-13
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
CVSS Score: 9.1; EPSS Score: 0.01; Published: 2016-10-13
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2016-10-13
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
CVSS Score: 7.5; EPSS Score: 0.01; Published: 2016-10-13
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
CVSS Score: 2.5; EPSS Score: 0.001; Published: 2016-10-13
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.
CVSS Score: 4.7; EPSS Score: 0.001; Published: 2016-10-13
Ruckus Wireless H500 web management interface authenticated command injection
CVSS Score: 8.8; EPSS Score: 0.202; Published: 2016-10-10

