Raritan
Products
10- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9095 | 0.03 | — | 0.02 | Nov 26, 2014 | Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. | |||
| CVE-2025-55703 | 0.00 | — | 0.00 | Dec 15, 2025 | An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ… | |||
| CVE-2018-20687 | 0.00 | — | 0.03 | Nov 18, 2019 | An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML… | |||
| CVE-2014-3901 | 0.00 | — | 0.02 | Aug 12, 2014 | Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet. | |||
| CVE-2014-2955 | 0.00 | — | 0.03 | Jul 14, 2014 | Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | |||
| CVE-2005-2136 | 0.00 | — | 0.01 | Jul 5, 2005 | Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users. |
- CVE-2014-9095Nov 26, 2014risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
- CVE-2025-55703Dec 15, 2025risk 0.00cvss —epss 0.00
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ…
- CVE-2018-20687Nov 18, 2019risk 0.00cvss —epss 0.03
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML…
- CVE-2014-3901Aug 12, 2014risk 0.00cvss —epss 0.02
Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet.
- CVE-2014-2955Jul 14, 2014risk 0.00cvss —epss 0.03
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
- CVE-2005-2136Jul 5, 2005risk 0.00cvss —epss 0.01
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.