A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x:. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Debug function of Admin UI of SAP Business One Integration is enabled by default. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. Rated medium severity (CVSS 4.7). No vendor patch available.
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Puma is a HTTP 1.1 server for Ruby/Rack applications. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.