Skip to main content
CVE-2019-0303 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-4381 MEDIUM PATCH This Month

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass IBM
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-4239 MEDIUM This Month

IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-12819 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-4403 MEDIUM This Month

IBM Connections 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Connections
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-0316 MEDIUM This Month

SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Process Integration
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-10159 MEDIUM This Month

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cfme Gemset Cloudforms
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy