RSS   Vulnerabilities for 'Integria ims'   RSS

2018-12-20
 
CVE-2018-1000812

CWE-640
 

 
Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.

 
2018-12-18
 
CVE-2018-19829

CWE-352
 

 
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.

 
2018-12-17
 
CVE-2018-19828

CWE-79
 

 
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.

 

 >>> Vendor: Artica 2 Products
Pandora fms
Integria ims


Copyright 2019, cxsecurity.com

 

Back to Top