23 matches found
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59710
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...
CVE-2025-59711
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal...
EUVD-2025-209206
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal...
EUVD-2025-209203
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
EUVD-2025-209205
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...
CVE-2025-59710
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...
CVE-2025-59711
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59711
CVE-2025-59711 affects BizTalk360 prior to 11.5. The issue arises from mishandling of user-provided input in an upload mechanism, enabling an authenticated attacker to write files outside the destination directory and/or coerce authentication (Directory Traversal). The connected sources confirm t...
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
Biztalk360 安全漏洞
Biztalk360 is an integrated operation and monitoring platform developed by the British company Biztalk360. Versions of Biztalk360 prior to 11.5 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of user input in the upload mechanism. As a result, authenticate...
CVE-2025-59711
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59710
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...
PT-2026-30045
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
PT-2026-30047
Name of the Vulnerable Software and Affected Versions Biztalk360 versions prior to 11.5 Description A flaw exists in Biztalk360 that allows an authenticated attacker to write files outside the intended destination directory and potentially bypass authentication. This is due to improper handling o...
PT-2026-30046
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...
Biztalk360 安全漏洞
Biztalk360 is an integrated operation and monitoring platform developed by the British company Biztalk360. Versions of Biztalk360 prior to 11.5 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of user input in the server read paths, which could allow...
CVE-2025-59710
CVE-2025-59710 affects BizTalk360 prior to v11.5. The root cause is improper access control that allows any user to request loading a DLL; during loading, a method is invoked and a malicious DLL uploaded by an attacker can lead to remote code execution on the server. The vulnerability is referenc...