Vulmon
disclosure management vulnerabilities and exploits
5
CVSSv2
CVE-2020-28856
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing malicious users to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectivel...
Openasset Digital Asset Management
4.3
CVSSv2
CVE-2020-28857
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly sanitize user-supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
Openasset Digital Asset Management
4.3
CVSSv2
CVE-2020-28859
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly sanitize user-supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
Openasset Digital Asset Management
4.3
CVSSv2
CVE-2021-20554
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Ibm Sterling Order Management 10
Ibm Sterling Order Management 9.4.0
Ibm Sterling Order Management 9.5.0
4
CVSSv2
CVE-2019-0399
SAP Portfolio and Project Management, prior to S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740, unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.
Sap Portfolio And Project Management Cprxrpm 500 702
Sap Portfolio And Project Management Cprxrpm 600 740
Sap Portfolio And Project Management Cprxrpm 610 740
Sap Portfolio And Project Management Eppm 100
Sap Portfolio And Project Management S4core 102
Sap Portfolio And Project Management S4core 103
4
CVSSv2
CVE-2021-36189
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows a malicious user to cause information disclosure by inspecting browser decrypted data.
Fortinet Forticlient Enterprise Management Server 7.0.0
Fortinet Forticlient Enterprise Management Server 7.0.1
Fortinet Forticlient Enterprise Management Server
Fortinet Forticlient Enterprise Management Server 6.4.6
6.8
CVSSv2
CVE-2020-28858
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.
Openasset Digital Asset Management
6.8
CVSSv2
CVE-2019-11946
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
Hp Intelligent Management Center 7.3
Hp Intelligent Management Center
4
CVSSv2
CVE-2017-17696
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.
Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel
5
CVSSv2
CVE-2018-7122
A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
Hp Intelligent Management Center 7.3
Hp Intelligent Management Center