VBASE
by VISAM
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-38417 | Hig | 0.48 | 7.4 | 0.01 | Jul 27, 2022 | VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing. | ||
| CVE-2021-42537 | Med | 0.38 | 5.9 | 0.00 | Jul 27, 2022 | VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. | ||
| CVE-2022-45876 | Med | 0.36 | 5.5 | 0.03 | Apr 26, 2023 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||
| CVE-2022-46300 | Med | 0.36 | 5.5 | 0.04 | Mar 21, 2023 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||
| CVE-2022-46286 | Med | 0.36 | 5.5 | 0.02 | Mar 21, 2023 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||
| CVE-2022-45468 | Med | 0.36 | 5.5 | 0.02 | Mar 21, 2023 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||
| CVE-2022-45121 | Med | 0.36 | 5.5 | 0.00 | Mar 21, 2023 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||
| CVE-2022-43512 | Med | 0.36 | 5.5 | 0.00 | Mar 21, 2023 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||
| CVE-2022-41696 | Med | 0.36 | 5.5 | 0.00 | Mar 21, 2023 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||
| CVE-2021-42535 | Med | 0.34 | 5.3 | 0.00 | Jul 27, 2022 | VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. |
- risk 0.48cvss 7.4epss 0.01
VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.
- risk 0.38cvss 5.9epss 0.00
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
- risk 0.36cvss 5.5epss 0.03
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
- risk 0.36cvss 5.5epss 0.04
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
- risk 0.36cvss 5.5epss 0.02
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
- risk 0.36cvss 5.5epss 0.02
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
- risk 0.36cvss 5.5epss 0.00
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
- risk 0.36cvss 5.5epss 0.00
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
- risk 0.36cvss 5.5epss 0.00
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
- risk 0.34cvss 5.3epss 0.00
VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage.