Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
Medium (6.4) (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
PT-2018-47: SQL Injection in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
High (8.8) (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
PT-2018-46: Code Injection in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-45: Hard-coded Credentials in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (4.3) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
PT-2018-44: Directory Traversal in SAP Business Process Automation by Redwood
Fix date: March 13, 2018
Vector: Remote
Systems affected: SAP Business Process Automation by Redwood 9.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
13.03.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (5.4) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)
PT-2018-43: XXE Injection in SAP Business Process Automation by Redwood
Fix date: March 13, 2018
Vector: Remote
Systems affected: SAP Business Process Automation by Redwood 9.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
13.03.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (4.3) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
PT-2018-42: Information Disclosure in SAP NetWeaver System Landscape Directory
Fix date: October 10, 2017
Vector: Remote
Systems affected: SAP NetWeaver System Landscape Directory 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
10.10.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (6.6) (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service
Fix date: December 12, 2017
Vector: Remote
Systems affected: SAP NetWeaver Knowledge Management Configuration Service 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.12.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (5.4) (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
PT-2018-40: Stored XSS in SAP NetWeaver Development Infrastructure Cockpit
Fix date: September 12, 2017
Vector: Remote
Systems affected: SAP NetWeaver Development Infrastructure Cockpit 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.09.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (6.9) (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)
PT-2018-39: Cross-Site Scripting in SAP Business Warehouse Universal Data Integration
Fix date: December 12, 2017
Vector: Remote
Systems affected: SAP Business Warehouse Universal Data Integration 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.12.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
PT-2018-38: Information Disclosure in APC Uninterrupted Power Supplies
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
PT-2018-37: Unauthorized Actions in APC Uninterrupted Power Supplies
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
PT-2018-36: Information Disclosure in APC Uninterrupted Power Supplies
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
High (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
PT-2018-35: Authorization Bypass in APC Uninterrupted Power Supplies
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (6.9) (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)
PT-2018-34: XXE Injection in S3 Browser
Fix date: December 18, 2018
Vector: Remote
Systems affected: S3 Browser 7.x
Vendor: NetSDK Software
Notification status: 09.10.2018 - Vendor gets vulnerability details
18.12.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
High (7.5) AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
PT-2018-33: Arbitrary Code Execution in NCR S2
Fix date: February 6, 2018
Vector: Remote
Systems affected: NCR S1
Vendor: NCR
Notification status: 23.06.2017 - Vendor gets vulnerability details
06.02.2018 - Vendor releases fixed version and details
14.12.2018 - Public disclosure
High (7.5) AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
PT-2018-32: Arbitrary Code Execution in NCR S1
Fix date: February 6, 2018
Vector: Remote
Systems affected: NCR S1
Vendor: NCR
Notification status: 23.06.2017 - Vendor gets vulnerability details
06.02.2018 - Vendor releases fixed version and details
14.12.2018 - Public disclosure
Medium (5.3) AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
PT-2018-31: XXE Injection in Cisco Secure ACS
Fix date: March 7, 2018
Vector: Remote
Systems affected: Cisco Secure ACS 5.x
Vendor: Cisco
Notification status: 01.06.2017 - Vendor gets vulnerability details
07.03.2018 - Vendor releases fixed version and details
13.12.2018 - Public disclosure
Medium (5.3) AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
PT-2018-30: XXE Injection in Cisco Secure ACS
Fix date: March 7, 2018
Vector: Local
Systems affected: Cisco Secure ACS 5.x
Vendor: Cisco
Notification status: 01.06.2017 - Vendor gets vulnerability details
07.03.2018 - Vendor releases fixed version and details
13.12.2018 - Public disclosure
Medium (5.4) AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
PT-2018-29: Stored Cross-Site Scripting in Cisco Secure ACS
Fix date: July 26, 2017
Vector: Remote
Systems affected: Cisco Secure ACS 5.x
Vendor: Cisco
Notification status: 01.06.2017 - Vendor gets vulnerability details
26.07.2017 - Vendor releases fixed version and details
13.12.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-28: Arbitrary Command Execution in Cisco Secure ACS
Fix date: March 7, 2018
Vector: Remote
Systems affected: Cisco Secure ACS 5.x
Vendor: Cisco
Notification status: 01.06.2017 - Vendor gets vulnerability details
07.03.2018 - Vendor releases fixed version and details
11.12.2018 - Public disclosure
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Reset filter
Positive Technologies Application Inspector
Editor’s Choice