VYPR
Vendor

Computrols

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2019-10850CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Computrols CBAS 18.0.0 has Default Credentials.

  • CVE-2019-10847HigMay 24, 2019
    risk 0.60cvss 8.8epss 0.02

    Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.

  • CVE-2019-10854HigMay 23, 2019
    risk 0.57cvss 8.8epss 0.03

    Computrols CBAS 18.0.0 allows Authenticated Command Injection.

  • CVE-2019-10852HigMay 23, 2019
    risk 0.57cvss 8.8epss 0.02

    Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.

  • CVE-2019-10853HigMay 23, 2019
    risk 0.53cvss 8.1epss 0.02

    Computrols CBAS 18.0.0 allows Authentication Bypass.

  • CVE-2019-10849HigMay 23, 2019
    risk 0.52cvss 7.5epss 0.09

    Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.

  • CVE-2019-10855HigMay 23, 2019
    risk 0.49cvss 7.5epss 0.01

    Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.

  • CVE-2019-10846MedMay 23, 2019
    risk 0.43cvss 6.1epss 0.05

    Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.

  • CVE-2019-10851MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Computrols CBAS 18.0.0 has hard-coded encryption keys.

  • CVE-2019-10848MedMay 24, 2019
    risk 0.38cvss 5.3epss 0.08

    Computrols CBAS 18.0.0 allows Username Enumeration.