Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27437 | 1 Advantech | 1 Wise-paas\/rmm | 2021-05-19 | 6.4 MEDIUM | 9.1 CRITICAL |
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). | |||||
CVE-2019-13547 | 1 Advantech | 1 Wise-paas\/rmm | 2021-05-13 | 10.0 HIGH | 9.8 CRITICAL |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. | |||||
CVE-2019-13551 | 1 Advantech | 1 Wise-paas\/rmm | 2021-05-13 | 10.0 HIGH | 9.8 CRITICAL |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. | |||||
CVE-2019-18227 | 1 Advantech | 1 Wise-paas\/rmm | 2021-05-13 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. | |||||
CVE-2019-18229 | 1 Advantech | 1 Wise-paas\/rmm | 2021-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. |