VYPR
Vendor

konzept-ix

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2020-27183CriOct 27, 2020
    risk 0.64cvss 9.8epss 0.01

    A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.

  • CVE-2020-27179CriOct 27, 2020
    risk 0.64cvss 9.8epss 0.01

    konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.

  • CVE-2020-27180HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.

  • CVE-2020-27181MedOct 27, 2020
    risk 0.42cvss 6.5epss 0.01

    A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.

  • CVE-2020-27182MedOct 27, 2020
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.