Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10601 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2021-12-20 | 4.6 MEDIUM | 7.8 HIGH |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash. | |||||
| CVE-2020-7000 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2020-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. | |||||
| CVE-2020-10599 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2020-04-06 | 7.5 HIGH | 9.8 CRITICAL |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code. | |||||
| CVE-2020-7004 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2020-04-06 | 7.2 HIGH | 8.8 HIGH |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application. | |||||
| CVE-2020-7008 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2020-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources. | |||||