CVE-2022-4901
https://notcve.org/view.php?id=CVE-2022-4901
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-48310
https://notcve.org/view.php?id=CVE-2022-48310
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-48309
https://notcve.org/view.php?id=CVE-2022-48309
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22232 – Adobe Connect Improper Access Control Security feature bypass
https://notcve.org/view.php?id=CVE-2023-22232
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction. Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability. • https://www.exploit-db.com/exploits/49550 https://www.exploit-db.com/exploits/51327 http://packetstormsecurity.com/files/171390/Adobe-Connect-11.4.5-12.1.5-Local-File-Disclosure.html https://helpx.adobe.com/security/products/connect/apsb23-05.html • CWE-284: Improper Access Control •
CVE-2022-46081
https://notcve.org/view.php?id=CVE-2022-46081
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product. • https://www.samwallace.dev/research/Harvesting%20Emails%20with%20Expired%20Garmin%20LiveTrack%20Sessions • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •