Openbravo
Products
2- 2 CVEs
- 2 CVEs
Recent CVEs
4| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9437 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2017 | Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | |
| CVE-2013-3617 | 0.08 | — | 0.57 | Nov 2, 2013 | The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue. | ||
| CVE-2021-34573 | 0.00 | — | 0.00 | Sep 16, 2021 | In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events. | ||
| CVE-2021-34571 | 0.00 | — | 0.00 | Sep 16, 2021 | Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM. |
- risk 0.57cvss 8.8epss 0.00
Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
- CVE-2013-3617Nov 2, 2013risk 0.08cvss —epss 0.57
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
- CVE-2021-34573Sep 16, 2021risk 0.00cvss —epss 0.00
In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.
- CVE-2021-34571Sep 16, 2021risk 0.00cvss —epss 0.00
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.