Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
High (7.0) CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
PT-2019-05: Local privilege escalation
Fix date: November 8, 2019
Vector: Local
Systems affected: Linux Kernel from version 3.18 up to 5.4
Notification status: 01.11.2019 - Linux kernel security team gets vulnerability details and fixes
02.11.2019 - Linux kernel security team allows full disclosure
02.11.2019 - Full disclosure at oss-security mailing list
08.11.2019 - Final version of the fixing patch is accepted for the mainline
High (8.1) CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2019-04: Security Bypass
Fix date: no patches available
Vector: Local
Vendor: Lenovo
High (8.1) CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2019-03: Security Bypass
Fix date: no patches available
Vector: Local
Vendor: Dell
Low (3.9) CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
PT-2019-02: Code Execution
Fix date: October 1, 2019
Vector: Remote
Vendor: HPE
Low (3.9) CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
PT-2019-01: Code Execution
Fix date: no patches available
Vector: Remote
Vendor: HPE
Medium (6.4) (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
PT-2018-47: SQL Injection in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
High (8.8) (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
PT-2018-46: Code Injection in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-45: Hard-coded Credentials in EVLink Parking
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (4.3) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
PT-2018-44: Directory Traversal in SAP Business Process Automation by Redwood
Fix date: March 13, 2018
Vector: Remote
Systems affected: SAP Business Process Automation by Redwood 9.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
13.03.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (5.4) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)
PT-2018-43: XXE Injection in SAP Business Process Automation by Redwood
Fix date: March 13, 2018
Vector: Remote
Systems affected: SAP Business Process Automation by Redwood 9.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
13.03.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (4.3) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
PT-2018-42: Information Disclosure in SAP NetWeaver System Landscape Directory
Fix date: October 10, 2017
Vector: Remote
Systems affected: SAP NetWeaver System Landscape Directory 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
10.10.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (6.6) (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service
Fix date: December 12, 2017
Vector: Remote
Systems affected: SAP NetWeaver Knowledge Management Configuration Service 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.12.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (5.4) (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
PT-2018-40: Stored XSS in SAP NetWeaver Development Infrastructure Cockpit
Fix date: September 12, 2017
Vector: Remote
Systems affected: SAP NetWeaver Development Infrastructure Cockpit 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.09.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (6.9) (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)
PT-2018-39: Cross-Site Scripting in SAP Business Warehouse Universal Data Integration
Fix date: December 12, 2017
Vector: Remote
Systems affected: SAP Business Warehouse Universal Data Integration 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.12.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
PT-2018-38: Information Disclosure in APC Uninterrupted Power Supplies
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
PT-2018-37: Unauthorized Actions in APC Uninterrupted Power Supplies
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
PT-2018-36: Information Disclosure in APC Uninterrupted Power Supplies
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
High (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
PT-2018-35: Authorization Bypass in APC Uninterrupted Power Supplies
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (6.9) (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)
PT-2018-34: XXE Injection in S3 Browser
Fix date: December 18, 2018
Vector: Remote
Systems affected: S3 Browser 7.x
Vendor: NetSDK Software
Notification status: 09.10.2018 - Vendor gets vulnerability details
18.12.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
High (7.5) AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
PT-2018-33: Arbitrary Code Execution in NCR S2
Fix date: February 6, 2018
Vector: Remote
Systems affected: NCR S1
Vendor: NCR
Notification status: 23.06.2017 - Vendor gets vulnerability details
06.02.2018 - Vendor releases fixed version and details
14.12.2018 - Public disclosure
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Reset filter
Positive Technologies Application Inspector
Editor’s Choice