CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
A vulnerability in GLPI’s asset management and data center software is related to the
The introduction of a malicious link by an unauthenticated user. Exploitation of the vulnerability could
allow an attacker acting remotely to conduct an XSS attack
Vulnerability in GLPI’s request, incident and computer hardware inventory system is related to
Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary code
GLPI asset and data center management software vulnerability is related to
Improper verification of file permissions available to an authenticated user. Exploitation of the
of the vulnerability could allow an attacker acting remotely to obtain sensitive information
Vulnerability in GLPI’s computer equipment request, incident, and inventory system is related to
Access control weaknesses. Exploitation of the vulnerability could allow an intruder acting
remotely, to modify or view control panel data
Vulnerability in the GLPI computer equipment request, incident and inventory system is related to an authentication flaw.
Authentication procedure flaws. Exploitation of the vulnerability could allow an intruder acting
remotely, to disclose protected information
GLPI asset and data center management software vulnerability is related to
Improper verification of file permissions available to an authenticated user. Exploitation of the
of the vulnerability could allow an attacker acting remotely to escalate their privileges