The vulnerability allows a remote attacker to compromise the vulnerable system. A remote attacker on the local network can send specially crafted packets to delete the files on the system where IPM software is installed. CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type. The vulnerability exists due to insufficient validation of user-supplied input in the "saveDriverData" function in the meta_driver_srv.js class using invalidated driverID. The vulnerability allows a remote attacker to delete arbitrary files on the target system. A remote authenticated attacker on the local network can send specially crafted packets to delete the files on the system where IPM software is installed. The vulnerability exists due to insufficient validation of user-supplied input in the "removeBackground" function in "server/maps_srv.js" and the "removeFirmware" function in "server/node_upgrade_srv.js". The vulnerability allows a remote attacker to compromise the target system. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN). CVSSv3.1: 7.6. CWE-ID: CWE-20 - Improper Input Validation. A remote attacker on the local network can control the input to the function and execute attacker-controlled commands. The vulnerability exists because the affected software does not neutralize code syntax from users before using it in the dynamic evaluation call in the "loadUserFile" function under scripts/libs/utils.js. The vulnerability allows a remote attacker to compromise the system. We are not aware of malware exploiting this vulnerability. CVSSv3.1: 7.2. Is there known malware, which exploits this vulnerability? This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Can this vulnerability be exploited remotely? Intelligent Power Manager Virtual Appliance: before 1.69. Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application. A remote authenticated attacker on the local network can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database. The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows a remote attacker to execute arbitrary SQL queries in database. CVSSv3.1: 6.2. CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')