VYPR
Vendor

StruxureWare

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2021-22795CriApr 13, 2022
    risk 0.59cvss 9.1epss 0.03

    A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

  • CVE-2021-22794CriApr 13, 2022
    risk 0.59cvss 9.1epss 0.02

    A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

  • CVE-2023-25548HigApr 18, 2023
    risk 0.57cvss 8.8epss 0.01

    A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

  • CVE-2023-25553MedApr 18, 2023
    risk 0.40cvss 6.1epss 0.00

    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and…

  • CVE-2023-25551MedApr 18, 2023
    risk 0.40cvss 6.1epss 0.00

    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and…