IOTransfer
by Iobit
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24562 | 0.07 | — | 0.53 | Jun 16, 2022 | In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. | |||
| CVE-2022-37197 | 0.03 | — | 0.01 | Nov 18, 2022 | IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. |
- CVE-2022-24562Jun 16, 2022risk 0.07cvss —epss 0.53
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.
- CVE-2022-37197Nov 18, 2022risk 0.03cvss —epss 0.01
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.