Skip to main content
CVE-2019-4530 MEDIUM This Month

IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-6187 MEDIUM PATCH This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Lenovo Xclarity Controller
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-6853 MEDIUM This Month

A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Andover Continuum 9680 Firmware Andover Continuum 5740 Firmware Andover Continuum 5720 Firmware Andover Continuum Bcx4040 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-15073 MEDIUM This Month

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-15072 MEDIUM This Month

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-15071 MEDIUM This Month

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy