VYPR

PRTG

by Paessler

CVEs (7)

  • CVE-2023-31452HigAug 9, 2023
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious…

  • CVE-2023-32782HigAug 9, 2023
    risk 0.51cvss 7.2epss 0.52

    A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity…

  • CVE-2023-32781HigAug 9, 2023
    risk 0.51cvss 7.2epss 0.12

    A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The…

  • CVE-2018-14683MedApr 10, 2019
    risk 0.40cvss 6.1epss 0.01

    PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.

  • CVE-2016-5078MedApr 10, 2017
    risk 0.40cvss 6.1epss 0.01

    Paessler PRTG before 16.2.24.4045 has XSS via SNMP.

  • CVE-2019-19119MedFeb 3, 2020
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials.

  • CVE-2023-31448MedAug 9, 2023
    risk 0.31cvss 4.7epss 0.00

    A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to…