CBAS
by Computrols
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10849 | 0.04 | — | 0.12 | May 23, 2019 | Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | |||
| CVE-2019-10847 | 0.03 | — | 0.00 | May 24, 2019 | Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | |||
| CVE-2019-10848 | 0.03 | — | 0.05 | May 24, 2019 | Computrols CBAS 18.0.0 allows Username Enumeration. | |||
| CVE-2019-10846 | 0.03 | — | 0.02 | May 23, 2019 | Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter. | |||
| CVE-2019-10854 | 0.01 | — | 0.16 | May 23, 2019 | Computrols CBAS 18.0.0 allows Authenticated Command Injection. | |||
| CVE-2019-10850 | 0.00 | — | 0.00 | May 23, 2019 | Computrols CBAS 18.0.0 has Default Credentials. | |||
| CVE-2019-10851 | 0.00 | — | 0.00 | May 23, 2019 | Computrols CBAS 18.0.0 has hard-coded encryption keys. | |||
| CVE-2019-10852 | 0.00 | — | 0.00 | May 23, 2019 | Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | |||
| CVE-2019-10853 | 0.00 | — | 0.00 | May 23, 2019 | Computrols CBAS 18.0.0 allows Authentication Bypass. | |||
| CVE-2019-10855 | 0.00 | — | 0.00 | May 23, 2019 | Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database. |
- CVE-2019-10849May 23, 2019risk 0.04cvss —epss 0.12
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
- CVE-2019-10847May 24, 2019risk 0.03cvss —epss 0.00
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
- CVE-2019-10848May 24, 2019risk 0.03cvss —epss 0.05
Computrols CBAS 18.0.0 allows Username Enumeration.
- CVE-2019-10846May 23, 2019risk 0.03cvss —epss 0.02
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.
- CVE-2019-10854May 23, 2019risk 0.01cvss —epss 0.16
Computrols CBAS 18.0.0 allows Authenticated Command Injection.
- CVE-2019-10850May 23, 2019risk 0.00cvss —epss 0.00
Computrols CBAS 18.0.0 has Default Credentials.
- CVE-2019-10851May 23, 2019risk 0.00cvss —epss 0.00
Computrols CBAS 18.0.0 has hard-coded encryption keys.
- CVE-2019-10852May 23, 2019risk 0.00cvss —epss 0.00
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
- CVE-2019-10853May 23, 2019risk 0.00cvss —epss 0.00
Computrols CBAS 18.0.0 allows Authentication Bypass.
- CVE-2019-10855May 23, 2019risk 0.00cvss —epss 0.00
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.