CBAS
by Computrols
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10850 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2019 | Computrols CBAS 18.0.0 has Default Credentials. | ||
| CVE-2019-10847 | Hig | 0.60 | 8.8 | 0.02 | May 24, 2019 | Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | ||
| CVE-2019-10854 | Hig | 0.57 | 8.8 | 0.03 | May 23, 2019 | Computrols CBAS 18.0.0 allows Authenticated Command Injection. | ||
| CVE-2019-10852 | Hig | 0.57 | 8.8 | 0.02 | May 23, 2019 | Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | ||
| CVE-2019-10853 | Hig | 0.53 | 8.1 | 0.02 | May 23, 2019 | Computrols CBAS 18.0.0 allows Authentication Bypass. | ||
| CVE-2019-10849 | Hig | 0.52 | 7.5 | 0.09 | May 23, 2019 | Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | ||
| CVE-2019-10855 | Hig | 0.49 | 7.5 | 0.01 | May 23, 2019 | Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database. | ||
| CVE-2019-10846 | Med | 0.43 | 6.1 | 0.05 | May 23, 2019 | Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter. | ||
| CVE-2019-10851 | Med | 0.42 | 6.5 | 0.01 | May 23, 2019 | Computrols CBAS 18.0.0 has hard-coded encryption keys. | ||
| CVE-2019-10848 | Med | 0.38 | 5.3 | 0.08 | May 24, 2019 | Computrols CBAS 18.0.0 allows Username Enumeration. |
- risk 0.64cvss 9.8epss 0.02
Computrols CBAS 18.0.0 has Default Credentials.
- risk 0.60cvss 8.8epss 0.02
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
- risk 0.57cvss 8.8epss 0.03
Computrols CBAS 18.0.0 allows Authenticated Command Injection.
- risk 0.57cvss 8.8epss 0.02
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
- risk 0.53cvss 8.1epss 0.02
Computrols CBAS 18.0.0 allows Authentication Bypass.
- risk 0.52cvss 7.5epss 0.09
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
- risk 0.49cvss 7.5epss 0.01
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
- risk 0.43cvss 6.1epss 0.05
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.
- risk 0.42cvss 6.5epss 0.01
Computrols CBAS 18.0.0 has hard-coded encryption keys.
- risk 0.38cvss 5.3epss 0.08
Computrols CBAS 18.0.0 allows Username Enumeration.