VYPR

Connection Broker

by Leostream

CVEs (5)

  • CVE-2021-41550Jan 18, 2022
    risk 0.00cvss epss 0.01

    Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.

  • CVE-2021-41551Jan 18, 2022
    risk 0.00cvss epss 0.01

    Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link.

  • CVE-2021-38157Aug 6, 2021
    risk 0.00cvss epss 0.01

    LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2020-26574Oct 6, 2020
    risk 0.00cvss epss 0.02

    Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the…

  • CVE-2018-18817Oct 30, 2018
    risk 0.00cvss epss 0.01

    The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.