PRTG
by Paessler
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31452 | | High | 0.57 | 8.8 | 0.01 | | Aug 9, 2023 | A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious… |
| CVE-2023-32782 | | High | 0.51 | 7.2 | 0.52 | | Aug 9, 2023 | A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity… |
| CVE-2023-32781 | | High | 0.51 | 7.2 | 0.12 | | Aug 9, 2023 | A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The… |
| CVE-2018-14683 | | Med | 0.40 | 6.1 | 0.01 | | Apr 10, 2019 | PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. |
| CVE-2016-5078 | | Med | 0.40 | 6.1 | 0.01 | | Apr 10, 2017 | Paessler PRTG before 16.2.24.4045 has XSS via SNMP. |
| CVE-2019-19119 | | Med | 0.36 | 5.5 | 0.00 | | Feb 3, 2020 | An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. |
| CVE-2023-31448 | | Med | 0.31 | 4.7 | 0.00 | | Aug 9, 2023 | A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to… |