Skip to main content
CVE-2020-15944 MEDIUM POC This Month

An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Gantt Chart
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-15109 MEDIUM POC PATCH This Month

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Solidus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-16847 MEDIUM This Month

Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extreme Management Center
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-16843 MEDIUM This Month

In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Firecracker
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-4631 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Microsoft Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4542 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Requirements Management Doors Next
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4525 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Workflow Management Rational Rhapsody Design Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4396 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Test Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4410 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Engineering Test Management Rational Rhapsody Design Manager
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy