Vendor
ACEware
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24581 | 0.00 | — | 0.00 | May 27, 2022 | ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb… | |||
| CVE-2022-24241 | 0.00 | — | 0.00 | May 27, 2022 | ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | |||
| CVE-2022-24240 | 0.00 | — | 0.01 | May 27, 2022 | ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. | |||
| CVE-2022-24239 | 0.00 | — | 0.01 | May 27, 2022 | ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. |
- CVE-2022-24581May 27, 2022risk 0.00cvss —epss 0.00
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb…
- CVE-2022-24241May 27, 2022risk 0.00cvss —epss 0.00
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
- CVE-2022-24240May 27, 2022risk 0.00cvss —epss 0.01
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
- CVE-2022-24239May 27, 2022risk 0.00cvss —epss 0.01
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.