VYPR
Vendor

Bond

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2019-13022CriMay 14, 2020
    risk 0.64cvss 9.8epss 0.01

    Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These…

  • CVE-2019-13023MedMay 14, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it…

  • CVE-2019-13021MedMay 14, 2020
    risk 0.42cvss 6.5epss 0.01

    The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has…