Skip to main content
CVE-2021-33723 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Sinec Nms
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-38183 MEDIUM This Month

SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-40498 MEDIUM This Month

A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service SAP Successfactors Mobile
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-42326 MEDIUM PATCH This Month

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-35494 MEDIUM This Month

The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Race Condition Jasperreports Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-37735 MEDIUM PATCH This Month

A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x:. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Aruba Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-40497 MEDIUM This Month

SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Analysis
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-40495 MEDIUM This Month

There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-38179 MEDIUM This Month

Debug function of Admin UI of SAP Business One Integration is enabled by default. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Business One
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-33722 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinec Nms
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-27003 MEDIUM This Month

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clustered Data Ontap
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2021-35214 MEDIUM This Month

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. Rated medium severity (CVSS 4.7). No vendor patch available.

Microsoft Information Disclosure Pingdom
NVD
CVSS 3.1
4.7
EPSS
1.8%
CVE-2021-40496 MEDIUM This Month

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-42009 MEDIUM PATCH This Month

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Traffic Control
NVD
CVSS 3.1
4.3
EPSS
2.7%
CVE-2021-41136 LOW PATCH Monitor

Puma is a HTTP 1.1 server for Ruby/Rack applications. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Apache Information Disclosure Puma Debian Linux
NVD GitHub
CVSS 3.1
3.7
EPSS
1.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy