RSS   Podatności dla 'Deltaflow'   RSS

2021-04-06
 
CVE-2021-28173

CWE-434
 

 
The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.

 
 
CVE-2021-28172

CWE-22
 

 
There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage.

 
 
CVE-2021-28171

CWE-522
 

 
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users�?? data in the Cookie.

 


Copyright 2024, cxsecurity.com

 

Back to Top