Vendor
MSFM
Products
1
CVEs
6
Across products
6
Status
Private
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-57766 | Cri | 0.59 | 9.1 | 0.00 | Jan 15, 2025 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. | ||
| CVE-2024-57764 | Cri | 0.59 | 9.1 | 0.00 | Jan 15, 2025 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. | ||
| CVE-2024-57763 | Cri | 0.59 | 9.1 | 0.00 | Jan 15, 2025 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. | ||
| CVE-2024-57767 | Hig | 0.56 | 8.6 | 0.00 | Jan 15, 2025 | MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. | ||
| CVE-2024-57765 | Hig | 0.49 | 7.5 | 0.00 | Jan 15, 2025 | MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. | ||
| CVE-2024-57762 | Hig | 0.49 | 7.5 | 0.00 | Jan 15, 2025 | MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. |
- risk 0.59cvss 9.1epss 0.00
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
- risk 0.59cvss 9.1epss 0.00
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
- risk 0.59cvss 9.1epss 0.00
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
- risk 0.56cvss 8.6epss 0.00
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
- risk 0.49cvss 7.5epss 0.00
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
- risk 0.49cvss 7.5epss 0.00
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.