VYPR

Data Center Expert

by Schneider Electric

CVEs (6)

  • CVE-2018-7807HigNov 30, 2018
    risk 0.57cvss 8.8epss 0.01

    Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As…

  • CVE-2022-32520HigJan 30, 2023
    risk 0.52cvss 8.0epss 0.01

    A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to…

  • CVE-2022-32519HigJan 30, 2023
    risk 0.52cvss 8.0epss 0.00

    A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)

  • CVE-2022-32518HigJan 30, 2023
    risk 0.52cvss 8.0epss 0.01

    A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to…

  • CVE-2024-8531HigOct 11, 2024
    risk 0.47cvss 7.2epss 0.00

    CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.

  • CVE-2022-32521HigJan 30, 2023
    risk 0.46cvss 7.1epss 0.01

    A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)