Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-12-20 | CVE-2017-5255 | OS Command Injection vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware | In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. | 8.8 |
| 2017-12-20 | CVE-2017-5254 | Improper Privilege Management vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware | In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. | 8.8 |
| 2017-12-20 | CVE-2017-16731 | Insufficiently Protected Credentials vulnerability in Hitachienergy Ellipse 8.3.0/8.9.0 | An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). | 8.8 |
| 2017-12-20 | CVE-2017-16717 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in We-Con Levi Studio HMI | A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. | 8.6 |
| 2017-12-20 | CVE-2017-1757 | SQL Injection vulnerability in IBM Security Guardium | IBM Security Guardium 10.0 is vulnerable to SQL injection. | 8.8 |
| 2017-12-20 | CVE-2017-1746 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3 | IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-12-20 | CVE-2017-1696 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.3.0 | IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2017-12-20 | CVE-2017-1694 | Cleartext Transmission of Sensitive Information vulnerability in IBM Integration BUS | IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text, which can be read by an attacker using man-in-the-middle techniques. | 8.1 |
| 2017-12-20 | CVE-2017-1631 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3 | IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-12-20 | CVE-2017-1598 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium | IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |