Skip to main content
CVE-2021-37206 HIGH PATCH This Week

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Siprotec 5 With Cpu Variant Cp050 Siprotec 5 With Cpu Variant Cp100 Siprotec 5 With Cpu Variant Cp300
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-33737 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC CP 343-1 (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Simatic Cp 343 1 Firmware Simatic Cp 343 1 Advanced Firmware Simatic Cp 343 1 Erpc Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-33720 HIGH PATCH This Week

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Siprotec 5 With Cpu Variant Cp050 Siprotec 5 With Cpu Variant Cp100 Siprotec 5 With Cpu Variant Cp300
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-39123 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlassian Data Center Jira
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-40354 HIGH PATCH This Week

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Teamcenter Visualization
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-37203 HIGH PATCH This Week

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Nx 1980 Solid Edge
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-23043 MEDIUM This Month

On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-38175 MEDIUM This Month

SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft SAP Analysis For Microsoft Office
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38174 MEDIUM This Month

When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38150 MEDIUM This Month

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Business Client
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-33685 MEDIUM This Month

SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal SAP Business One
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37183 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-37177 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-33716 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Simatic Cp 1543 1 Firmware Simatic Cp 1545 1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-23027 MEDIUM This Month

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23041 MEDIUM This Month

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +7
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23052 MEDIUM This Month

On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Big Ip Access Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-33675 MEDIUM This Month

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS SAP Contact Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33674 MEDIUM This Month

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS SAP Contact Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33673 MEDIUM This Month

Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS SAP Contact Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32202 MEDIUM This Month

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cs Cart
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-35493 MEDIUM This Month

The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webfocus Client Webfocus Installer Webfocus Reporting Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29841 MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38164 MEDIUM This Month

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp Financial Accounting
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33679 MEDIUM This Month

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-37186 MEDIUM PATCH This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Logo Cmr2020 Firmware Logo Cmr2040 Firmware Simatic Rtu3010C Firmware Simatic Rtu3030C Firmware +2
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-23047 MEDIUM This Month

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-20582 MEDIUM This Month

IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20569 MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-23053 MEDIUM This Month

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-33686 MEDIUM This Month

Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Business One
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-37175 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Rx1500 Firmware Ruggedcom Rox Rx1501 Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-39125 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center Jira Jira Server
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-39118 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center Jira
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-23046 MEDIUM This Month

On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Guided Configuration
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-40357 MEDIUM PATCH This Month

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Teamcenter Active Workspace
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-21489 MEDIUM This Month

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-20508 MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-37532 MEDIUM This Month

SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Business One
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-33688 MEDIUM This Month

SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Business One
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-37193 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-37192 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-37191 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-37190 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-39124 MEDIUM This Month

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Data Center Jira
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-37176 LOW PATCH Monitor

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Simcenter Femap
NVD
CVSS 3.1
3.3
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy