5 matches found
CVE-2021-41555
In ARCHIBUS Web Central 21.3.3.815 a version from 2014, XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...
CVE-2021-41553
In ARCHIBUS Web Central 21.3.3.815 a version from 2014, the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED In ARCHIBUS Web Central 21.3.3.815 a version from 2014, the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known,...
ARCHIBUS Web Central 跨站脚本漏洞
ARCHIBUS Web Central is a web-based web management center for ARCHIBUS that organizes facility and infrastructure management tasks in an intuitive web browser interface. All infrastructure data is stored in a centralized repository so that authorized users from anywhere in the world can enter, ed...
PT-2021-23328 · Archibus · Archibus Web Central
Name of the Vulnerable Software and Affected Versions: ARCHIBUS Web Central version 21.3.3.815 Description: The issue arises from the software's failure to properly validate requests for access to data and functionality in several affected endpoints: "/archibus/schema/ab-edit-users.axvw",...