RSS   Vulnerabilities for 'Vbase web-remote'   RSS

2020-04-03
 
CVE-2020-7008

CWE-22
 

 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources.

 
 
CVE-2020-7004

CWE-276
 

 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application.

 
 
CVE-2020-7000

CWE-922
 

 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.

 
 
CVE-2020-10601

CWE-326
 

 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.

 
 
CVE-2020-10599

CWE-120
 

 
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code.

 

 >>> Vendor: Visam 2 Products
Vbase editor
Vbase web-remote


Copyright 2021, cxsecurity.com

 

Back to Top