Software House C•CURE 9000
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-32861 | Hig | 0.51 | 7.8 | 0.00 | Jul 16, 2024 | Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions. | ||
| CVE-2024-0912 | 0.00 | — | 0.00 | Jun 5, 2024 | Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions | |||
| CVE-2020-9049 | 0.00 | — | 0.01 | Nov 19, 2020 | A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for… | |||
| CVE-2020-9045 | 0.00 | — | 0.01 | May 21, 2020 | During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. |
- risk 0.51cvss 7.8epss 0.00
Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions.
- CVE-2024-0912Jun 5, 2024risk 0.00cvss —epss 0.00
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions
- CVE-2020-9049Nov 19, 2020risk 0.00cvss —epss 0.01
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for…
- CVE-2020-9045May 21, 2020risk 0.00cvss —epss 0.01
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.