VYPR

CO2Scope

by EasyVirt

CVEs (7)

  • CVE-2024-55062CriJan 31, 2025
    risk 0.64cvss 9.8epss 0.01

    Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.

  • CVE-2024-53356CriJan 31, 2025
    risk 0.64cvss 9.8epss 0.01

    Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because…

  • CVE-2024-57587CriJan 31, 2025
    risk 0.59cvss 9.1epss 0.01

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login.

  • CVE-2024-53355HigJan 31, 2025
    risk 0.57cvss 8.8epss 0.01

    Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealias route; (4) delete…

  • CVE-2024-53357HigJan 31, 2025
    risk 0.49cvss 7.5epss 0.00

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealiasroute; (4) delete…

  • CVE-2025-28076MedApr 25, 2025
    risk 0.42cvss 6.5epss 0.00

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12)…

  • CVE-2024-53354MedJan 31, 2025
    risk 0.42cvss 6.5epss 0.00

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter parameter to…