Security Vulnerabilities - CVEs Published In October 2022
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-10-31
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-10-31
The application was vulnerable to session fixation that could be used to hijack accounts.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-31
The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-10-31
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
CVSS Score
4.9
EPSS Score
0.0
Published
2022-10-31
The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-31
Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low-privileged user can escalate to root by crafting a malicious printer and double-clicking on the crafted printer's icon.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-10-31
Improper input validation and output encoding in all comments fields in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-10-31
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allow unauthenticated attackers to access restricted PDF files via a known URL.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-10-31
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allow unauthenticated attackers to upload malicious files to the application server.
CVSS Score
6.3
EPSS Score
0.001
Published
2022-10-31