Arconte Áurea
by Fujitsu
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4096 | 0.00 | — | 0.00 | Sep 19, 2023 | Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user. | |||
| CVE-2023-4095 | 0.00 | — | 0.00 | Sep 19, 2023 | User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform. | |||
| CVE-2023-4094 | 0.00 | — | 0.00 | Sep 19, 2023 | ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the… | |||
| CVE-2023-4093 | 0.00 | — | 0.00 | Sep 19, 2023 | Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious… | |||
| CVE-2023-4092 | 0.00 | — | 0.01 | Sep 19, 2023 | SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases,… |
- CVE-2023-4096Sep 19, 2023risk 0.00cvss —epss 0.00
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.
- CVE-2023-4095Sep 19, 2023risk 0.00cvss —epss 0.00
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.
- CVE-2023-4094Sep 19, 2023risk 0.00cvss —epss 0.00
ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the…
- CVE-2023-4093Sep 19, 2023risk 0.00cvss —epss 0.00
Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious…
- CVE-2023-4092Sep 19, 2023risk 0.00cvss —epss 0.01
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases,…