Orpak Siteomat
6 CVEs affecting Orpak Siteomat. Latest disclosed: 2019-06-03. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-14851 | Critical | 9.8 | 2019-06-03 | A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication valid… |
CVE-2017-14728 | Critical | 9.8 | 2019-06-03 | An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this expl… |
CVE-2017-14854 | Critical | 9.1 | 2019-06-03 | A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to… |
CVE-2017-14853 | High | 8.6 | 2019-06-03 | The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command… |
CVE-2017-14852 | High | 8.6 | 2019-06-03 | An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The att… |
CVE-2017-14850 | Medium | 6.1 | 2019-06-03 | All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external use… |