Cososys
Products
3- 4 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36072 | Cri | 0.64 | 9.8 | 0.01 | Jun 27, 2024 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious… | ||
| CVE-2019-13285 | Hig | 0.49 | 7.5 | 0.01 | May 4, 2020 | CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. | ||
| CVE-2024-36074 | Hig | 0.47 | 7.2 | 0.01 | Jun 27, 2024 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to… | ||
| CVE-2024-36073 | Hig | 0.47 | 7.2 | 0.01 | Jun 27, 2024 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or… | ||
| CVE-2024-36075 | Med | 0.42 | 6.5 | 0.01 | Jun 27, 2024 | The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify… | ||
| CVE-2012-2994 | 0.04 | — | 0.06 | Sep 18, 2012 | The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||
| CVE-2014-3932 | 0.00 | — | 0.01 | Jun 2, 2014 | SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. |
- risk 0.64cvss 9.8epss 0.01
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious…
- risk 0.49cvss 7.5epss 0.01
CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.
- risk 0.47cvss 7.2epss 0.01
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to…
- risk 0.47cvss 7.2epss 0.01
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or…
- risk 0.42cvss 6.5epss 0.01
The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify…
- CVE-2012-2994Sep 18, 2012risk 0.04cvss —epss 0.06
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack.
- CVE-2014-3932Jun 2, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.