VYPR

Control Room Management Suite

by Barco

CVEs (5)

  • CVE-2022-26233Apr 3, 2022
    risk 0.06cvss epss 0.15

    Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.

  • CVE-2022-26978Jun 1, 2022
    risk 0.00cvss epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.

  • CVE-2022-26977Jun 1, 2022
    risk 0.00cvss epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS.

  • CVE-2022-26976Jun 1, 2022
    risk 0.00cvss epss 0.00

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.

  • CVE-2022-26971Jun 1, 2022
    risk 0.00cvss epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.