Skip to main content
CVE-2017-3161 MEDIUM PATCH This Month

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Hadoop
NVD
CVSS 3.0
6.1
EPSS
5.8%
CVE-2016-8962 MEDIUM This Month

IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Bigfix Inventory
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-8924 MEDIUM This Month

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.6
EPSS
0.2%
CVE-2017-1170 MEDIUM PATCH This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy