VYPR

Deltaflow E Platform

by Vangene

CVEs (3)

  • CVE-2021-28173CriApr 6, 2021
    risk 0.64cvss 9.8epss 0.02

    The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.

  • CVE-2021-28171CriApr 6, 2021
    risk 0.64cvss 9.8epss 0.01

    The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.

  • CVE-2021-28172HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.02

    There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage.