VYPR
Vendor

AVSystem

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2024-25655MedMar 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web…

  • CVE-2024-25656MedMar 18, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the…

  • CVE-2024-25654MedMar 18, 2024
    risk 0.36cvss 5.5epss 0.00

    Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.

  • CVE-2024-25657MedMar 18, 2024
    risk 0.35cvss 5.4epss 0.00

    An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites.