Medium Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
TYPO3 Other Vulnerability (CVE-2012-3530)	CVE-2012-3530		Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)	CVE-2008-2717 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)	CVE-2010-3717 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)	CVE-2012-6146 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)	CVE-2013-4320 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)	CVE-2013-7073 CWE-264	CWE-264	Medium
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7081)	CVE-2013-7081 CWE-264	CWE-264	Medium
TYPO3 Resource Management Errors Vulnerability (CVE-2013-1843)	CVE-2013-1843		Medium
TYPO3 Session Fixation Vulnerability (CVE-2010-3671)	CVE-2010-3671 CWE-384	CWE-384	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3661)	CVE-2010-3661 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3669)	CVE-2010-3669 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)	CVE-2020-15241 CWE-601	CWE-601	Medium
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)	CVE-2021-21338 CWE-601	CWE-601	Medium
TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)	CVE-2010-3666 CWE-330	CWE-330	Medium
Unauthorized Access to a web app installer	CWE-200	CWE-200	Medium
Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability	CWE-400	CWE-400	Medium
Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)	CVE-2021-3597 CWE-362	CWE-362	Medium
Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)	CVE-2022-2764		Medium
Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)	CVE-2014-7816 CWE-22	CWE-22	Medium
Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)	CVE-2018-1067 CWE-113	CWE-113	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559)	CVE-2017-7559 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)	CVE-2020-10687 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)	CVE-2020-10719 CWE-444	CWE-444	Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220)	CVE-2021-20220 CWE-444	CWE-444	Medium
Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)	CVE-2017-12196 CWE-863	CWE-863	Medium
Unencrypted __VIEWSTATE parameter	CWE-200	CWE-200	Medium
Unicode Transformation (Best-Fit Mapping)	CWE-176	CWE-176	Medium
Unprotected Apache NiFi API interface	CWE-287	CWE-287	Medium
Unprotected JSON file leaking secrets	CWE-200	CWE-200	Medium
Unprotected Kong Gateway Admin API interface	CWE-287	CWE-287	Medium
Unrestricted access to MLflow	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ API interface (read only)	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ Dashboard	CWE-200	CWE-200	Medium
Unrestricted access to NGINX+ Upstream HTTP interface	CWE-200	CWE-200	Medium
Unsafe value for session tracking in WEB-INF/web.xml	CWE-16	CWE-16	Medium
URL redirection (Web Server)	CWE-601	CWE-601	Medium
URL rewrite vulnerability	CWE-436	CWE-436	Medium
User-controlled form action	CWE-20	CWE-20	Medium
User controllable charset	CWE-20	CWE-20	Medium
User controllable tag parameter	CWE-79	CWE-79	Medium
Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)	CVE-2018-15833 CWE-639	CWE-639	Medium
Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)	CVE-2011-3812 CWE-200	CWE-200	Medium
Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)	CVE-2011-0908 CWE-20	CWE-20	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0526)	CVE-2011-0526 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0909)	CVE-2011-0909 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1009)	CVE-2011-1009 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9685)	CVE-2014-9685 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571)	CVE-2018-17571 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)	CVE-2019-8279 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8825)	CVE-2020-8825 CWE-707	CWE-707	Medium
Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16410)	CVE-2018-16410 CWE-138	CWE-138	Medium
Vanilla Forums Other Vulnerability (CVE-2011-0910)	CVE-2011-0910		Medium
Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4484)	CVE-2013-4484 CWE-119	CWE-119	Medium
Verb tampering via misconfigured security constraint	CWE-16	CWE-16	Medium
VideoJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23414)	CVE-2021-23414 CWE-707	CWE-707	Medium
ViewState MAC Disabled	CWE-642	CWE-642	Medium
Virtual host directory listing	CWE-538	CWE-538	Medium
Vulnerable JavaScript libraries	CWE-937	CWE-937	Medium
Vulnerable package dependencies [medium]	CWE-1104	CWE-1104	Medium
W3 total cache debug mode	CWE-489	CWE-489	Medium
Web2py weak secret key	CWE-693	CWE-693	Medium
Webalizer script	CWE-538	CWE-538	Medium
Web Cache Poisoning DoS	CWE-400	CWE-400	Medium
Web Cache Poisoning DoS (for javascript)	CWE-400	CWE-400	Medium
Web Cache Poisoning DoS through HTTP/2 headers	CWE-400	CWE-400	Medium
WebDAV directory listing	CWE-538	CWE-538	Medium
WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)	CVE-2018-20420 CWE-732	CWE-732	Medium
WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-22474)	CVE-2020-22474 CWE-732	CWE-732	Medium
WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)	CVE-2011-3815 CWE-200	CWE-200	Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5101)	CVE-2014-5101 CWE-707	CWE-707	Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000868)	CVE-2018-1000868 CWE-707	CWE-707	Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11592)	CVE-2019-11592 CWE-707	CWE-707	Medium
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7117)	CVE-2008-7117 CWE-264	CWE-264	Medium
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)	CVE-2008-7118 CWE-264	CWE-264	Medium
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)	CVE-2018-10237 CWE-770	CWE-770	Medium

TYPO3 Other Vulnerability (CVE-2012-3530)

CVE-2012-3530

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)

CVE-2008-2717

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)

CVE-2010-3717

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)

CVE-2012-6146

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)

CVE-2013-4320

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)

CVE-2013-7073

CWE-264

Medium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7081)

CVE-2013-7081

CWE-264

Medium

TYPO3 Resource Management Errors Vulnerability (CVE-2013-1843)

CVE-2013-1843

Medium

TYPO3 Session Fixation Vulnerability (CVE-2010-3671)

CVE-2010-3671

CWE-384

Medium

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3661)

CVE-2010-3661

CWE-601

Medium

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3669)

CVE-2010-3669

CWE-601

Medium

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)

CVE-2020-15241

CWE-601

Medium

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)

CVE-2021-21338

CWE-601

Medium

TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)

CVE-2010-3666

CWE-330

Medium

Unauthorized Access to a web app installer

CWE-200

Medium

Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability

CWE-400

Medium

Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)

CVE-2021-3597

CWE-362

Medium

Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)

CVE-2022-2764

Medium

Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)

CVE-2014-7816

CWE-22

Medium

Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)

CVE-2018-1067

CWE-113

Medium

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559)

CVE-2017-7559

CWE-444

Medium

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)

CVE-2020-10687

CWE-444

Medium

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)

CVE-2020-10719

CWE-444

Medium

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220)

CVE-2021-20220

CWE-444

Medium

Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)

CVE-2017-12196

CWE-863

Medium

Unencrypted __VIEWSTATE parameter

CWE-200

Medium

Unicode Transformation (Best-Fit Mapping)

CWE-176

Medium

Unprotected Apache NiFi API interface

CWE-287

Medium

Unprotected JSON file leaking secrets

CWE-200

Medium

Unprotected Kong Gateway Admin API interface

CWE-287

Medium

Unrestricted access to MLflow

CWE-200

Medium

Unrestricted access to NGINX+ API interface (read only)

CWE-200

Medium

Unrestricted access to NGINX+ Dashboard

CWE-200

Medium

Unrestricted access to NGINX+ Upstream HTTP interface

CWE-200

Medium

Unsafe value for session tracking in WEB-INF/web.xml

CWE-16

Medium

URL redirection (Web Server)

CWE-601

Medium

URL rewrite vulnerability

CWE-436

Medium

User-controlled form action

CWE-20

Medium

User controllable charset

CWE-20

Medium

User controllable tag parameter

CWE-79

Medium

Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)

CVE-2018-15833

CWE-639

Medium

Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)

CVE-2011-3812

CWE-200

Medium

Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)

CVE-2011-0908

CWE-20

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0526)

CVE-2011-0526

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0909)

CVE-2011-0909

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1009)

CVE-2011-1009

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9685)

CVE-2014-9685

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571)

CVE-2018-17571

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)

CVE-2019-8279

CWE-707

Medium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8825)

CVE-2020-8825

CWE-707

Medium

Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16410)

CVE-2018-16410

CWE-138

Medium

Vanilla Forums Other Vulnerability (CVE-2011-0910)

CVE-2011-0910

Medium

Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4484)

CVE-2013-4484

CWE-119

Medium

Verb tampering via misconfigured security constraint

CWE-16

Medium

VideoJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23414)

CVE-2021-23414

CWE-707

Medium

ViewState MAC Disabled

CWE-642

Medium

Virtual host directory listing

CWE-538

Medium

Vulnerable JavaScript libraries

CWE-937

Medium

Vulnerable package dependencies [medium]

CWE-1104

Medium

W3 total cache debug mode

CWE-489

Medium

Web2py weak secret key

CWE-693

Medium

Webalizer script

CWE-538

Medium

Web Cache Poisoning DoS

CWE-400

Medium

Web Cache Poisoning DoS (for javascript)

CWE-400

Medium

Web Cache Poisoning DoS through HTTP/2 headers

CWE-400

Medium

WebDAV directory listing

CWE-538

Medium

WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)

CVE-2018-20420

CWE-732

Medium

WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-22474)

CVE-2020-22474

CWE-732

Medium

WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)

CVE-2011-3815

CWE-200

Medium

WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5101)

CVE-2014-5101

CWE-707

Medium

WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000868)

CVE-2018-1000868

CWE-707

Medium

WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11592)

CVE-2019-11592

CWE-707

Medium

WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7117)

CVE-2008-7117

CWE-264

Medium

WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)

CVE-2008-7118

CWE-264

Medium

WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)

CVE-2018-10237

CWE-770

Medium

Medium Severity Vulnerabilities

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities