CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 Sep 2020 — An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery. • https://cwe.mitre.org/data/definitions/1004.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

18 Sep 2020 — An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths: /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterpri... • https://github.com/gradle/gradle/security/advisories

CVSS: 5.3 | EPSS: 5% | CPEs: 2 | EXPL: 3

01 Jul 2019 — Optergy Proton/Enterprise devices allow Username Disclosure. • https://packetstorm.news/files/id/155259 • CWE-862: Missing Authorization

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 2

01 Jul 2019 — Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). Optergy Proton/Enterprise BMS versions 2.0.3a and below suffer from an add-administrator cross-site request forgery vulnerability. • https://packetstorm.news/files/id/155265 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 | EPSS: 3% | CPEs: 2 | EXPL: 3

01 Jul 2019 — Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. • https://packetstorm.news/files/id/155269 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 1

01 Jul 2019 — Optergy Proton/Enterprise devices allow Open Redirect. Optergy Proton/Enterprise BMS versions 2.3.0a and below suffer from an open redirect vulnerability. • https://packetstorm.news/files/id/155268 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

01 Jul 2019 — Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. • http://www.securityfocus.com/bid/108686

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

01 Jul 2019 — Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. • http://www.securityfocus.com/bid/108686 • CWE-269: Improper Privilege Management

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

01 Jul 2019 — Optergy Proton/Enterprise devices have Hard-coded Credentials. • http://www.securityfocus.com/bid/108686 • CWE-798: Use of Hard-coded Credentials

CVSS: 10.0 | EPSS: 94% | CPEs: 2 | EXPL: 2

01 Jul 2019 — Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. • https://packetstorm.news/files/id/171564