CVE-2018-13993

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF...

CVE-2018-13994

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections...

CVE-2018-13994

PHOENIX CONTACT FL SWITCH 3xxx, 4xxx and 48xx devices running firmware versions 1.0–1.34 are affected by CVE-2018-13994, a Denial-of-Service via the Web UI caused by resource exhaustion from more than 120 concurrent connections. Affected product family and version range are explicitly stated; mit...

CVE-2018-13994

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections...

CVE-2018-13993

The CVE-2018-13993 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WebUI of Phoenix Contact FL SWITCH family (3xxx, 4xxx, 48xx) versions before 1.35. The underlying issue allows a remote attacker to trick an authenticated user’s browser into issuing unwanted commands, wit...

CVE-2018-13993

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF...

CVE-2018-13992

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission HTTP of user credentials by default...

CVE-2018-13991

CVE-2018-13991 affects PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx, firmware versions 1.0–1.34. Root cause: insecure storage of sensitive information in the switch Web UI, enabling leakage of private information (e.g., private keys) from firmware images. Related advisories note multiple vulnerabilit...

CVE-2018-13991

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images...

CVE-2018-4062

A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without a...

Design/Logic Flaw

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts...

CVE-2018-13990

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts...

CVE-2018-13990

The CVE-2018-13990 entry targets PHOENIX CONTACT FL SWITCH series (3xxx, 4xxx, 48xx) with versions prior to 1.35. The vulnerability arises from Improper Restriction of Excessive Authentication Attempts, enabling brute-force login attempts against the Web UI. Exploitation could allow an attacker t...

CVE-2018-13990

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts...

CVE-2019-4012

IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886...

CVE-2019-4012

IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886...

CVE-2019-4012

CVE-2019-4012 affects IBM BigFix WebUI Profile Management 6 and IBM BigFix Software Distribution 23. The root cause is a SQL injection vulnerability due to a lack of validation of externally entered SQL statements, enabling a remote attacker to view, add, modify, or delete data in the back-end da...

CVE-2019-4012

IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886...

IBM BigFix WebUI Software Distribution and IBM BigFix WebUI Profile Management SQL Injection Vulnerabilities

IBM BigFix WebUI Software Distribution and IBM BigFix WebUI Profile Management are both products of IBM Corporation of the U.S.A. IBM BigFix WebUI Software Distribution is a software distribution application.IBM BigFix WebUI Profile Management is a configuration management application. IBM BigFix...

CVE-2019-7001

A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to...