VYPR
Vendor

Idm Sistemas Qsige

Products
3
CVEs
8
Across products
9
Status
Private

Products

3

Recent CVEs

8
  • CVE-2023-4103HigOct 3, 2023
    risk 0.57cvss 8.8epss 0.00

    QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.

  • CVE-2023-4102HigOct 3, 2023
    risk 0.57cvss 8.8epss 0.01

    QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.

  • CVE-2023-4101HigOct 3, 2023
    risk 0.57cvss 8.8epss 0.00

    The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.

  • CVE-2023-4098HigOct 3, 2023
    risk 0.57cvss 8.8epss 0.00

    It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.

  • CVE-2023-4097HigOct 3, 2023
    risk 0.57cvss 8.8epss 0.01

    The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.

  • CVE-2023-4099HigOct 3, 2023
    risk 0.49cvss 7.6epss 0.00

    The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.

  • CVE-2024-0580MedJan 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X…

  • CVE-2023-4100MedOct 3, 2023
    risk 0.42cvss 6.5epss 0.00

    Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.