Security Vulnerabilities Published In February 2018

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
(- = column empty on the page; ??? = value not shown on the page)

501 | CVE-2018-4875 | 79 | - | XSS | 2018-02-27 | 2018-03-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.
502 | CVE-2018-4872 | - | - | Bypass | 2018-02-27 | 2020-08-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.
503 | CVE-2018-3609 | 532 | - | Bypass | 2018-02-16 | 2019-10-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
    A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
504 | CVE-2018-3607 | 89 | - | Exec Code Sql | 2018-02-09 | 2018-02-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
505 | CVE-2018-3606 | 89 | - | Exec Code Sql | 2018-02-09 | 2018-02-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
506 | CVE-2018-3605 | 89 | - | Exec Code Sql | 2018-02-09 | 2018-03-01 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
507 | CVE-2018-3604 | 89 | - | Exec Code Sql | 2018-02-09 | 2018-02-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
508 | CVE-2018-3603 | 89 | - | Exec Code Sql | 2018-02-09 | 2018-02-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
509 | CVE-2018-3602 | 89 | - | Exec Code Sql | 2018-02-09 | 2018-02-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.
510 | CVE-2018-3601 | 287 | - | Bypass | 2018-02-09 | 2018-02-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.
511 | CVE-2018-3600 | 611 | - | - | 2018-02-09 | 2018-02-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    An external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.
512 | CVE-2018-2396 | - | - | - | 2018-02-14 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | None | None | Partial
    Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.
513 | CVE-2018-2395 | - | - | - | 2018-02-14 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing images or corrupt other types of files.
514 | CVE-2018-2394 | - | - | - | 2018-02-14 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial
    Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files.
515 | CVE-2018-2393 | 611 | - | - | 2018-02-14 | 2018-03-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial
    Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
516 | CVE-2018-2392 | 611 | - | - | 2018-02-14 | 2018-03-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial
    Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
517 | CVE-2018-2391 | - | - | - | 2018-02-14 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | None | None | Partial
    Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service.
518 | CVE-2018-2390 | - | - | - | 2018-02-14 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | None | None | Partial
    Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service.
519 | CVE-2018-2389 | 116 | - | - | 2018-02-14 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | None | Partial | None
    Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.
520 | CVE-2018-2388 | 79 | - | XSS | 2018-02-14 | 2018-02-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Stored cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
521 | CVE-2018-2387 | - | - | +Info | 2018-02-14 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.
522 | CVE-2018-2386 | 119 | - | Overflow | 2018-02-14 | 2018-02-27 | 4.0 | None | Remote | Low | ??? | None | None | Partial
    Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.
523 | CVE-2018-2385 | 369 | - | - | 2018-02-14 | 2018-02-27 | 4.0 | None | Remote | Low | ??? | None | None | Partial
    Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
524 | CVE-2018-2384 | 476 | - | - | 2018-02-14 | 2018-02-27 | 4.0 | None | Remote | Low | ??? | None | None | Partial
    Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
525 | CVE-2018-2383 | 79 | - | XSS | 2018-02-14 | 2018-02-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Reflected cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
526 | CVE-2018-2382 | - | - | - | 2018-02-14 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from the system area, which is not available to the user otherwise.
527 | CVE-2018-2381 | 862 | - | - | 2018-02-14 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
528 | CVE-2018-2379 | 209 | - | - | 2018-02-14 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
529 | CVE-2018-2378 | - | - | - | 2018-02-14 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.
530 | CVE-2018-2377 | - | - | - | 2018-02-14 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.
531 | CVE-2018-2376 | - | - | - | 2018-02-14 | 2020-08-24 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
    In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
532 | CVE-2018-2375 | - | - | - | 2018-02-14 | 2020-08-24 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
    In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
533 | CVE-2018-2374 | - | - | - | 2018-02-14 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.
534 | CVE-2018-2373 | - | - | - | 2018-02-14 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
    Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
535 | CVE-2018-2372 | 532 | - | - | 2018-02-14 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
536 | CVE-2018-2371 | 79 | - | XSS | 2018-02-14 | 2018-03-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    The SAML 2.0 service provider of SAP NetWeaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
537 | CVE-2018-2370 | 918 | - | - | 2018-02-14 | 2018-03-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None
    Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server.
538 | CVE-2018-2369 | - | - | +Info | 2018-02-14 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
    Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory.
539 | CVE-2018-2364 | 79 | - | XSS | 2018-02-14 | 2018-03-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in a Cross-Site Scripting (XSS) vulnerability.
540 | CVE-2018-1425 | 326 | - | - | 2018-02-27 | 2018-03-16 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.
541 | CVE-2018-1417 | 732 | - | - | 2018-02-22 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
    Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
542 | CVE-2018-1416 | 79 | - | XSS | 2018-02-27 | 2018-03-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822.
543 | CVE-2018-1415 | 79 | - | XSS | 2018-02-22 | 2018-03-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821.
544 | CVE-2018-1414 | 89 | - | Sql | 2018-02-22 | 2018-03-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
545 | CVE-2018-1411 | - | - | Exec Code | 2018-02-19 | 2019-10-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
    IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
546 | CVE-2018-1410 | - | - | Exec Code | 2018-02-19 | 2019-10-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
    IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.
547 | CVE-2018-1409 | - | - | Exec Code | 2018-02-19 | 2019-10-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
    IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.
548 | CVE-2018-1401 | 79 | - | XSS | 2018-02-09 | 2018-02-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437.
549 | CVE-2018-1399 | 79 | - | XSS | 2018-02-27 | 2018-03-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435.
550 | CVE-2018-1392 | 200 | - | Exec Code +Info | 2018-02-22 | 2018-03-12 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377.
Total number of vulnerabilities: 1328 (page 11 of 27, entries 501-550)