RSS   Vulnerabilities for 'Single connect'   RSS

2022-01-27
 
CVE-2021-44792

CWE-862
 

 
Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.

 
 
CVE-2021-44793

CWE-862
 

 
Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials.

 
 
CVE-2021-44794

CWE-862
 

 
Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.

 
 
CVE-2021-44795

CWE-862
 

 
Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating.

 


Copyright 2024, cxsecurity.com

 

Back to Top