Adremsoft Netcrunch
8 CVEs affecting Adremsoft Netcrunch. Latest disclosed: 2020-12-16. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-14482 | Critical | 9.8 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across differ… |
| CVE-2019-14480 | Critical | 9.8 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalatio… |
| CVE-2019-14479 | High | 8.8 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server runni… |
| CVE-2019-14483 | High | 8.8 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and roo… |
| CVE-2019-14476 | Medium | 6.5 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB… |
| CVE-2019-14477 | Medium | 5.5 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database… |
| CVE-2019-14481 | Medium | 5.4 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in use… |
| CVE-2019-14478 | Medium | 5.4 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded wh… |