Security Vulnerabilities - CVEs Published In September 2017
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.
CVSS Score: 5.4; EPSS Score: 0.006; Published: 2017-09-19
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
CVSS Score: 9.8; EPSS Score: 0.03; Published: 2017-09-19
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
CVSS Score: 5.3; EPSS Score: 0.037; Published: 2017-09-19
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
CVSS Score: 9.8; EPSS Score: 0.127; Published: 2017-09-19
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.
CVSS Score: 7.5; EPSS Score: 0.024; Published: 2017-09-19
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
CVSS Score: 9.8; EPSS Score: 0.733; Published: 2017-09-19
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
CVSS Score: 7.2; EPSS Score: 0.074; Published: 2017-09-19
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.
CVSS Score: 7.5; EPSS Score: 0.014; Published: 2017-09-19
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
CVSS Score: 7.5; EPSS Score: 0.021; Published: 2017-09-19
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
CVSS Score: 5.4; EPSS Score: 0.009; Published: 2017-09-19

