Security Vulnerabilities - CVEs Published In March 2022
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-03-01
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
CVSS Score
8.1
EPSS Score
0.005
Published
2022-03-01
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.
CVSS Score
5.6
EPSS Score
0.001
Published
2022-03-01
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.
CVSS Score
5.1
EPSS Score
0.0
Published
2022-03-01
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-01
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.
CVSS Score
6.2
EPSS Score
0.0
Published
2022-03-01
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.
CVSS Score
4.4
EPSS Score
0.0
Published
2022-03-01
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,
CVSS Score
7.2
EPSS Score
0.028
Published
2022-03-01
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
CVSS Score
6.1
EPSS Score
0.334
Published
2022-03-01
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-03-01