WISE-PaaS/RMM
by Advantech
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18229 | 0.00 | — | 0.02 | Oct 31, 2019 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. | |||
| CVE-2019-18227 | 0.00 | — | 0.03 | Oct 31, 2019 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. | |||
| CVE-2019-13547 | 0.00 | — | 0.03 | Oct 31, 2019 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. | |||
| CVE-2019-13551 | 0.00 | — | 0.05 | Oct 31, 2019 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an… |
- CVE-2019-18229Oct 31, 2019risk 0.00cvss —epss 0.02
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
- CVE-2019-18227Oct 31, 2019risk 0.00cvss —epss 0.03
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
- CVE-2019-13547Oct 31, 2019risk 0.00cvss —epss 0.03
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
- CVE-2019-13551Oct 31, 2019risk 0.00cvss —epss 0.05
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an…