VYPR
Vendor

Openbravo

Products
5
CVEs
6
Across products
8
Status
Private

Products

5

Recent CVEs

6
  • CVE-2017-9437HigJun 5, 2017
    risk 0.57cvss 8.8epss 0.01

    Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.

  • CVE-2021-34572MedSep 16, 2021
    risk 0.42cvss 6.5epss 0.00

    Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.

  • CVE-2021-34571MedSep 16, 2021
    risk 0.42cvss 6.5epss 0.00

    Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.

  • CVE-2021-34573MedSep 16, 2021
    risk 0.40cvss 6.2epss 0.00

    In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.

  • CVE-2019-14362MedJul 28, 2019
    risk 0.35cvss 5.4epss 0.02

    Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.

  • CVE-2013-3617Nov 2, 2013
    risk 0.05cvss epss 0.21

    The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML…