Enterprise Search Security Vulnerabilities
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....
7.1CVSS
6.1AI Score
0.0004EPSS
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
5.4CVSS
6.4AI Score
0.0005EPSS
An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected...
7.8CVSS
7.6AI Score
0.001EPSS
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file....
6.8CVSS
6.8AI Score
0.001EPSS
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system.....
7.8CVSS
7.9AI Score
0.0004EPSS
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released.....
6.8CVSS
6.3AI Score
0.0005EPSS
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original...
3.3CVSS
6.1AI Score
0.0004EPSS
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other...
3.3CVSS
4AI Score
0.0004EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code...
9.8CVSS
9.3AI Score
0.003EPSS
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS...
5.4CVSS
5AI Score
0.001EPSS
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning...
5.3CVSS
7AI Score
0.001EPSS
6.1CVSS
7.3AI Score
0.001EPSS
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to...
5.3CVSS
5AI Score
0.001EPSS
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR...
6.5CVSS
6.8AI Score
0.001EPSS
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and...
8.8CVSS
8.7AI Score
0.002EPSS
Students in "Only see own membership" groups could see other students in the group, which should be...
4.3CVSS
4.4AI Score
0.001EPSS
H5P metadata automatically populated the author with the user's username, which could be sensitive...
5.3CVSS
5.1AI Score
0.001EPSS
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and...
8.8CVSS
9.3AI Score
0.002EPSS
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the...
8.4CVSS
6.1AI Score
0.001EPSS
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the...
5.3CVSS
5.7AI Score
0.001EPSS
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and...
5.3CVSS
5.1AI Score
0.001EPSS
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search...
4.3CVSS
4.6AI Score
0.001EPSS
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has...
5.3CVSS
5.4AI Score
0.001EPSS
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application...
7.3CVSS
7.4AI Score
0.004EPSS
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the...
6.5CVSS
5.2AI Score
0.016EPSS
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by...
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...
4.9CVSS
5.1AI Score
0.001EPSS
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a...
5CVSS
4.4AI Score
0.0004EPSS
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with...
8.8CVSS
8.6AI Score
0.002EPSS
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for...
6.3CVSS
5.6AI Score
0.001EPSS
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within....
6.3CVSS
6.3AI Score
0.001EPSS
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by...
4.3CVSS
4.8AI Score
0.001EPSS
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects...
8.8CVSS
8.4AI Score
0.002EPSS
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user.....
8CVSS
7.8AI Score
0.001EPSS
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...
5.4CVSS
4.8AI Score
0.001EPSS
In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little...
6.1CVSS
6.2AI Score
0.001EPSS
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and...
9.6CVSS
8.5AI Score
0.002EPSS
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...
9.1CVSS
8.9AI Score
0.003EPSS
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to...
8.8CVSS
8.7AI Score
0.002EPSS
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search...
6.5CVSS
6.4AI Score
0.001EPSS
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search Integration). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
6.1CVSS
5.5AI Score
0.001EPSS
Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3)....
6.9AI Score
0.001EPSS
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse...
8.7AI Score
0.0004EPSS
Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse...
9AI Score
0.0004EPSS
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and...
6.3AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than...
5.5AI Score
0.004EPSS
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search...
7.8CVSS
7.5AI Score
0.001EPSS