CVSS: 9.8EPSS: 94%CPEs: 38EXPL: 40CVE-2020-1938 – Apache Tomcat Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2020-1938
24 Feb 2020 — When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected... • https://packetstorm.news/files/id/180825 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3127
https://notcve.org/view.php?id=CVE-2016-3127
03 Mar 2017 — An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server. Una vulnerabilidad de divulgación de información en la implementación de inicio de sesión de BlackBerry Good Control Server en v... • http://support.blackberry.com/kb/articleDetail?articleNumber=000038301 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •