IVM Attendant
by Nch
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37443 | Hig | 0.53 | 8.1 | 0.01 | Jul 25, 2021 | NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | ||
| CVE-2021-37442 | Med | 0.42 | 6.5 | 0.01 | Jul 25, 2021 | NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | ||
| CVE-2021-37449 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). | ||
| CVE-2021-37448 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). | ||
| CVE-2021-37451 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected). | ||
| CVE-2021-37450 | Med | 0.35 | 5.4 | 0.01 | Jul 25, 2021 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected). |
- risk 0.53cvss 8.1epss 0.01
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.
- risk 0.42cvss 6.5epss 0.01
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).