Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mobile platform vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-2167
Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp.
Ericsson Drutt Mobile Service Delivery Platform 4.0
Ericsson Drutt Mobile Service Delivery Platform 5.0
Ericsson Drutt Mobile Service Delivery Platform 6.0
NA
CVE-2015-2165
Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote malicious users to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5)...
Ericsson Drutt Mobile Service Delivery Platform 4.0
Ericsson Drutt Mobile Service Delivery Platform 5.0
Ericsson Drutt Mobile Service Delivery Platform 6.0
NA
CVE-2015-2166
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote malicious users to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
Ericsson Drutt Mobile Service Delivery Platform 6.0
Ericsson Drutt Mobile Service Delivery Platform 4.0
Ericsson Drutt Mobile Service Delivery Platform 5.0
1 EDB exploit
1 Github repository
NA
CVE-2015-2813
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote malicious users to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.
Sap Mobile Platform
NA
CVE-2015-8600
The SysAdminWebTool servlets in SAP Mobile Platform allow remote malicious users to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.
Sap Mobile Platform
4.3
CVSSv3
CVE-2020-6177
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on t...
Sap Mobile Platform 3.0
6.5
CVSSv3
CVE-2022-25210
Jenkins Convertigo Mobile Platform Plugin 1.1 and previous versions uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.
Jenkins Convertigo Mobile Platform
7.5
CVSSv3
CVE-2018-2459
Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.
Sap Mobile Platform 3.0
6.5
CVSSv3
CVE-2022-34199
Jenkins Convertigo Mobile Platform Plugin 1.1 and previous versions stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Jenkins Convertigo Mobile Platform
6.5
CVSSv3
CVE-2022-34201
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Convertigo Mobile Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »