Adremsoft Netcrunch

8 CVEs affecting Adremsoft Netcrunch. Latest disclosed: 2020-12-16. Critical: 2, High: 2.

Top CVEs affecting Adremsoft Netcrunch
CVESeverityScorePublishedSummary
CVE-2019-14482Critical9.82020-12-16AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across differ…
CVE-2019-14480Critical9.82020-12-16AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalatio…
CVE-2019-14479High8.82020-12-16AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server runni…
CVE-2019-14483High8.82020-12-16AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and roo…
CVE-2019-14476Medium6.52020-12-16AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB…
CVE-2019-14477Medium5.52020-12-16AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database…
CVE-2019-14481Medium5.42020-12-16AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in use…
CVE-2019-14478Medium5.42020-12-16AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded wh…