Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
High (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD
Fix date: July 22, 2020
Vector: Remote
Systems affected: Cisco ASA
Cisco FTD
Vendor: Cisco
Notification status: February 13, 2020 - Vendor notification date
July 22, 2020 - Security advisory publication date
High (4.9) CVSS:3.1AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PT-2020-07: Arbitrary file reading in Oracle WebLogic Server
Fix date: July 22, 2020
Vector: Remote
Systems affected: Oracle WebLogic Server
Vendor: Oracle
Notification status: April 1, 2020 - Vendor notification date
July 22, 2020 - Security advisory publication date
High (7.1) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
PT-2020-06: Local file reading in iDRAC
Fix date: July 7, 2020
Vector: Remote
Systems affected: iDRAC (versions before 4.20.20.20)
Vendor: Dell
Notification status: March 12, 2020 - Vendor notification date
July 7, 2020 - Security advisory publication date
High (7.5) CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
PT-2020-05: Cross-site scripting (XSS) in F5 Traffic Management User Interface (TMUI)
Fix date: July 1, 2020
Vector: Remote
Systems affected: Traffic Management User Interface
Vendor: F5 Networks
Notification status: 01.04.2020 - Vendor notification date
01.07.2020 - Security advisory publication date
High (10) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2020-04: Arbitrary code execution in F5 Traffic Management User Interface (TMUI)
Fix date: July 1, 2020
Vector: Remote
Systems affected: Traffic Management User Interface
Vendor: F5 Networks
Notification status: 01.04.2020 - Vendor notification date
01.07.2020 - Security advisory publication date
High (7.5) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
PT-2020-03: Information disclosure in Сisco ASA and Cisco FTD
Fix date: May 6, 2020
Vector: Remote
Systems affected: Cisco ASA
Cisco FTD
Vendor: Cisco
Notification status: 21.02.2020 - Vendor gets vulnerability details
06.05.2020 - Vendor releases fixed version and details
High (9.1) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
PT-2020-02: Reading or deleting arbitrary files in Cisco ASA and Cisco FTD
Fix date: May 6, 2020
Vector: Remote
Systems affected: Cisco ASA
Cisco FTD
Vendor: Cisco
Notification status: 04.10.2019 - Vendor gets vulnerability details
06.05.2020 - Vendor releases fixed version and details
High (9.8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PT-2020-01: Arbitrary code execution in Citrix ADC
Fix date: January 19, 2020
Vector: Remote
Systems affected: Citrix Application Delivery Controller (ADC) and Gateway
Vendor: Citrix
Notification status: 05.12.2019 - Vendor gets vulnerability details
19.01.2020, 22.01.2020 23.01.2020, 24.01.2020 - Vendor releases fixed version and details
High (7.0) CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
PT-2019-05: Local privilege escalation
Fix date: November 8, 2019
Vector: Local
Systems affected: Linux Kernel from version 3.18 up to 5.4
Notification status: 01.11.2019 - Linux kernel security team gets vulnerability details and fixes
02.11.2019 - Linux kernel security team allows full disclosure
02.11.2019 - Full disclosure at oss-security mailing list
08.11.2019 - Final version of the fixing patch is accepted for the mainline
High (8.1) CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2019-04: Security Bypass
Fix date: no patches available
Vector: Local
Vendor: Lenovo
High (8.1) CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2019-03: Security Bypass
Fix date: no patches available
Vector: Local
Vendor: Dell
Low (3.9) CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
PT-2019-02: Code Execution
Fix date: October 1, 2019
Vector: Remote
Vendor: HPE
Low (3.9) CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
PT-2019-01: Code Execution
Fix date: no patches available
Vector: Remote
Vendor: HPE
Medium (6.4) (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
PT-2018-47: SQL Injection in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
High (8.8) (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
PT-2018-46: Code Injection in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-45: Hard-coded Credentials in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (4.3) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
PT-2018-44: Directory Traversal in SAP Business Process Automation by Redwood
Fix date: March 13, 2018
Vector: Remote
Systems affected: SAP Business Process Automation by Redwood 9.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
13.03.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (5.4) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)
PT-2018-43: XXE Injection in SAP Business Process Automation by Redwood
Fix date: March 13, 2018
Vector: Remote
Systems affected: SAP Business Process Automation by Redwood 9.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
13.03.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (4.3) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
PT-2018-42: Information Disclosure in SAP NetWeaver System Landscape Directory
Fix date: October 10, 2017
Vector: Remote
Systems affected: SAP NetWeaver System Landscape Directory 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
10.10.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (6.6) (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service
Fix date: December 12, 2017
Vector: Remote
Systems affected: SAP NetWeaver Knowledge Management Configuration Service 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.12.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Reset filter
Positive Technologies Application Inspector
Editor’s Choice