Total
21 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3983 | 1 Advantech | 1 Iview | 2024-02-05 | N/A | 8.8 HIGH |
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. | |||||
CVE-2022-2135 | 1 Advantech | 1 Iview | 2024-02-04 | N/A | 7.5 HIGH |
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. | |||||
CVE-2022-2142 | 1 Advantech | 1 Iview | 2024-02-04 | N/A | 5.9 MEDIUM |
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | |||||
CVE-2022-2137 | 1 Advantech | 1 Iview | 2024-02-04 | N/A | 4.9 MEDIUM |
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information | |||||
CVE-2022-2136 | 1 Advantech | 1 Iview | 2024-02-04 | N/A | 6.5 MEDIUM |
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | |||||
CVE-2022-2143 | 1 Advantech | 1 Iview | 2024-02-04 | N/A | 9.8 CRITICAL |
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2022-2138 | 1 Advantech | 1 Iview | 2024-02-04 | N/A | 7.5 HIGH |
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. | |||||
CVE-2022-2139 | 1 Advantech | 1 Iview | 2024-02-04 | N/A | 9.8 CRITICAL |
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | |||||
CVE-2021-32932 | 1 Advantech | 1 Iview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | |||||
CVE-2021-32930 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). | |||||
CVE-2021-22658 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | |||||
CVE-2021-22656 | 1 Advantech | 1 Iview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | |||||
CVE-2021-22654 | 1 Advantech | 1 Iview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | |||||
CVE-2021-22652 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. | |||||
CVE-2020-14499 | 1 Advantech | 1 Iview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. | |||||
CVE-2020-14507 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | |||||
CVE-2020-14503 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. | |||||
CVE-2020-14505 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. | |||||
CVE-2020-14497 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. | |||||
CVE-2020-16245 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. |