VYPR

NetMatch-S CI

by Italtel S.p.A.

CVEs (3)

  • CVE-2022-39811CriJan 27, 2023
    risk 0.59cvss 9.1epss 0.01

    Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system…

  • CVE-2022-39812HigJan 27, 2023
    risk 0.49cvss 7.5epss 0.01

    Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary…

  • CVE-2022-39813MedJan 27, 2023
    risk 0.40cvss 6.1epss 0.00

    Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary…