Security Vulnerabilities - CVEs Published In March 2022
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
CVSS Score
8.1
EPSS Score
0.005
Published
2022-03-02
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-03-02
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-03-02
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
CVSS Score
2.7
EPSS Score
0.002
Published
2022-03-02
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
CVSS Score
7.5
EPSS Score
0.665
Published
2022-03-02
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-02
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-02
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-02
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-02
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.
CVSS Score
5.6
EPSS Score
0.005
Published
2022-03-02