Cyberpower Powerpanel Enterprise
3 CVEs affecting Cyberpower Powerpanel Enterprise. Latest disclosed: 2023-08-14. Critical: 3, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-3266 | Critical | 9.8 | 2023-08-14 | A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentic… |
CVE-2023-3265 | Critical | 9.8 | 2023-08-14 | An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login int… |
CVE-2023-3267 | Critical | 9.1 | 2023-08-14 | When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitizat… |