VYPR

Securetransport

by Axway

CVEs (4)

  • CVE-2008-1724Apr 11, 2008
    risk 0.06cvss epss 0.35

    Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile…

  • CVE-2013-7057Nov 4, 2014
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.

  • CVE-2012-4991Dec 13, 2012
    risk 0.03cvss epss 0.05

    Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.

  • CVE-2019-14277Jul 26, 2019
    risk 0.01cvss epss 0.07

    Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI…