Jenesys Bas Bridge
Sign in to watchby Lynxspring
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8378 | Cri | 0.64 | 9.8 | 0.01 | Feb 13, 2017 | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. | |
| CVE-2016-8369 | Hig | 0.57 | 8.8 | 0.00 | Feb 13, 2017 | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY). | |
| CVE-2016-8361 | Hig | 0.56 | 8.6 | 0.00 | Feb 13, 2017 | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. | |
| CVE-2016-8357 | Hig | 0.46 | 7.1 | 0.00 | Feb 13, 2017 | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application. |