Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4873 PUBLISHED: 2021-01-19
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.
CVE-2020-4881 PUBLISHED: 2021-01-19
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID...
CVE-2021-22498 PUBLISHED: 2021-01-19
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML Exte...
CVE-2021-25323 PUBLISHED: 2021-01-19
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
CVE-2021-25324 PUBLISHED: 2021-01-19
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.