Express device management interface
by UltraLog
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-3936 | Cri | 0.65 | 10.0 | 0.01 | Mar 27, 2020 | UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. | ||
| CVE-2020-3921 | Hig | 0.56 | 8.6 | 0.01 | Mar 27, 2020 | UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | ||
| CVE-2020-3920 | Hig | 0.53 | 8.1 | 0.01 | Mar 27, 2020 | UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory. |
- risk 0.65cvss 10.0epss 0.01
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
- risk 0.56cvss 8.6epss 0.01
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page.
- risk 0.53cvss 8.1epss 0.01
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.