Medium Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
TYPO3 Other Vulnerability (CVE-2012-3530)	CVE-2012-3530		Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)	CVE-2008-2717 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)	CVE-2010-3717 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)	CVE-2012-6146 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)	CVE-2013-4320 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)	CVE-2013-7073 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7081)	CVE-2013-7081 CWE-264	CWE-264	Medium
TYPO3 Resource Management Errors Vulnerability (CVE-2013-1843)	CVE-2013-1843		Medium
TYPO3 Session Fixation Vulnerability (CVE-2010-3671)	CVE-2010-3671 CWE-384	CWE-384	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3661)	CVE-2010-3661 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3669)	CVE-2010-3669 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)	CVE-2020-15241 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)	CVE-2021-21338 CWE-601	CWE-601	Medium
TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)	CVE-2010-3666 CWE-330	CWE-330	Medium
Unauthorized Access to a web app installer	CWE-200	CWE-200	Medium
Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability	CWE-400	CWE-400	Medium
Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)	CVE-2021-3597 CWE-362	CWE-362	Medium
Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)	CVE-2022-2764		Medium
Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)	CVE-2014-7816 CWE-22	CWE-22	Medium
Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)	CVE-2018-1067 CWE-113	CWE-113	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559)	CVE-2017-7559 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)	CVE-2020-10687 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)	CVE-2020-10719 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220)	CVE-2021-20220 CWE-444	CWE-444	Medium
Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)	CVE-2017-12196 CWE-863	CWE-863	Medium
Unencrypted __VIEWSTATE parameter	CWE-200	CWE-200	Medium
Unicode Transformation (Best-Fit Mapping)	CWE-176	CWE-176	Medium
Unprotected Apache NiFi API interface	CWE-287	CWE-287	Medium
Unprotected JSON file leaking secrets	CWE-200	CWE-200	Medium
Unprotected Kong Gateway Admin API interface	CWE-287	CWE-287	Medium
Unrestricted access to MLflow	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ API interface (read only)	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ Dashboard	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ Upstream HTTP interface	CWE-200	CWE-200	Medium
Unsafe value for session tracking in WEB-INF/web.xml	CWE-16	CWE-16	Medium
URL redirection (Web Server)	CWE-601	CWE-601	Medium
URL rewrite vulnerability	CWE-436	CWE-436	Medium
User-controlled form action	CWE-20	CWE-20	Medium
User controllable charset	CWE-20	CWE-20	Medium
User controllable tag parameter	CWE-79	CWE-79	Medium
Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)	CVE-2018-15833 CWE-639	CWE-639	Medium
Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)	CVE-2011-3812 CWE-200	CWE-200	Medium
Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)	CVE-2011-0908 CWE-20	CWE-20	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0526)	CVE-2011-0526 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0909)	CVE-2011-0909 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1009)	CVE-2011-1009 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9685)	CVE-2014-9685 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571)	CVE-2018-17571 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)	CVE-2019-8279 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8825)	CVE-2020-8825 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16410)	CVE-2018-16410 CWE-138	CWE-138	Medium
Vanilla Forums Other Vulnerability (CVE-2011-0910)	CVE-2011-0910		Medium
Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4484)	CVE-2013-4484 CWE-119	CWE-119	Medium
Verb tampering via misconfigured security constraint	CWE-16	CWE-16	Medium
VideoJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23414)	CVE-2021-23414 CWE-707	CWE-707	Medium
ViewState MAC Disabled	CWE-642	CWE-642	Medium
Virtual host directory listing	CWE-538	CWE-538	Medium
Vulnerable JavaScript libraries	CWE-937	CWE-937	Medium
Vulnerable package dependencies [medium]	CWE-1104	CWE-1104	Medium
W3 total cache debug mode	CWE-489	CWE-489	Medium
Web2py weak secret key	CWE-693	CWE-693	Medium
Webalizer script	CWE-538	CWE-538	Medium
Web Cache Poisoning DoS	CWE-400	CWE-400	Medium
Web Cache Poisoning DoS (for javascript)	CWE-400	CWE-400	Medium
Web Cache Poisoning DoS through HTTP/2 headers	CWE-400	CWE-400	Medium
WebDAV directory listing	CWE-538	CWE-538	Medium
WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)	CVE-2018-20420 CWE-732	CWE-732	Medium
WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-22474)	CVE-2020-22474 CWE-732	CWE-732	Medium
WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)	CVE-2011-3815 CWE-200	CWE-200	Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5101)	CVE-2014-5101 CWE-707	CWE-707	Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000868)	CVE-2018-1000868 CWE-707	CWE-707	Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11592)	CVE-2019-11592 CWE-707	CWE-707	Medium
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7117)	CVE-2008-7117 CWE-264	CWE-264	Medium
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)	CVE-2008-7118 CWE-264	CWE-264	Medium
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)	CVE-2018-10237 CWE-770	CWE-770	Medium

TYPO3 Other Vulnerability (CVE-2012-3530)

CVE-2012-3530

Medium