Suite Security Vulnerabilities
SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query...
5.4CVSS
5.3AI Score
0.0005EPSS
5.5CVSS
6.3AI Score
0.001EPSS
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: ...
5.3CVSS
4.9AI Score
0.001EPSS
IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: ...
5.9CVSS
5.4AI Score
0.001EPSS
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry...
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming...
4.2CVSS
4.5AI Score
0.001EPSS
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post...
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of...
6.5CVSS
6.3AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another...
4.3CVSS
4.3AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address...
4.3CVSS
4.4AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header...
4.3CVSS
4.5AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID...
4.3CVSS
4.6AI Score
0.001EPSS
OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during...
5.3CVSS
5.3AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1...
5.9CVSS
5.2AI Score
0.0005EPSS
SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function...
9.8CVSS
9.3AI Score
0.069EPSS
Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.8AI Score
0.0004EPSS
Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.8AI Score
0.0004EPSS
Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.8AI Score
0.0004EPSS
Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.8AI Score
0.0004EPSS
Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.8AI Score
0.0004EPSS
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5...
6.5CVSS
5.2AI Score
0.0005EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1...
5.9CVSS
4.8AI Score
0.0005EPSS
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: ...
5.5CVSS
5.2AI Score
0.0004EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the...
4.3CVSS
4.7AI Score
0.001EPSS
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail...
4.3CVSS
4.7AI Score
0.001EPSS
OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by...
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local...
7.8CVSS
7.4AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....
5.5CVSS
4.2AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....
5.5CVSS
4.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....
5.5CVSS
4.2AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....
5.5CVSS
4.2AI Score
0.001EPSS
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: ...
6.5CVSS
6.2AI Score
0.0005EPSS
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
6.4CVSS
5.1AI Score
0.001EPSS
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: ...
6.2CVSS
5AI Score
0.0004EPSS
Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected...
7.8CVSS
7.6AI Score
0.0004EPSS
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
7.5CVSS
7AI Score
0.001EPSS
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder...
4.7CVSS
4.3AI Score
0.0004EPSS
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external...
8.7CVSS
6.4AI Score
0.001EPSS
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability...
5.3CVSS
5.2AI Score
0.001EPSS
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not...
4.9CVSS
5.1AI Score
0.001EPSS
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not...
4.9CVSS
5.1AI Score
0.001EPSS
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not...
6.8CVSS
5.2AI Score
0.001EPSS
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not...
4.9CVSS
5.2AI Score
0.001EPSS