Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Carbon Security Vulnerabilities

cve
cve

CVE-2023-6837

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with.....

8.2CVSS

7.6AI Score

0.001EPSS

2023-12-15 10:15 AM
17
cve
cve

CVE-2022-4520

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...

6.1CVSS

6AI Score

0.001EPSS

2022-12-15 09:15 PM
39
cve
cve

CVE-2022-4521

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to...

6.1CVSS

6AI Score

0.001EPSS

2022-12-15 09:15 PM
73
cve
cve

CVE-2019-10948

Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually...

7.5CVSS

9.4AI Score

0.001EPSS

2019-04-30 05:29 PM
28
cve
cve

CVE-2019-10950

Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. An attacker who successfully exploits this vulnerability may be able to access the underlying...

9.8CVSS

9.3AI Score

0.002EPSS

2019-04-30 05:29 PM
23
cve
cve

CVE-2016-4314

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to...

4.9CVSS

4.8AI Score

0.039EPSS

2017-02-17 02:59 AM
29
cve
cve

CVE-2016-4316

Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or...

6.1CVSS

6AI Score

0.003EPSS

2017-02-17 02:59 AM
31
cve
cve

CVE-2016-4315

Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to...

5.7CVSS

5.8AI Score

0.014EPSS

2017-02-17 02:59 AM
24