Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Advantech Subscribe
Filtered by product Wise-paas\/rmm
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27437 1 Advantech 1 Wise-paas\/rmm 2021-05-19 6.4 MEDIUM 9.1 CRITICAL
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
CVE-2019-13547 1 Advantech 1 Wise-paas\/rmm 2021-05-13 10.0 HIGH 9.8 CRITICAL
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
CVE-2019-13551 1 Advantech 1 Wise-paas\/rmm 2021-05-13 10.0 HIGH 9.8 CRITICAL
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
CVE-2019-18227 1 Advantech 1 Wise-paas\/rmm 2021-05-13 5.0 MEDIUM 7.5 HIGH
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
CVE-2019-18229 1 Advantech 1 Wise-paas\/rmm 2021-05-13 4.0 MEDIUM 6.5 MEDIUM
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.