24 matches found
CVE-2024-25657
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform UMP 23.07.0.16567LTS could allow attackers to redirect authenticated users to malicious websites...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
CVE-2024-25655
Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allows members with read access to the application database to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP...
CVE-2024-25657
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform UMP 23.07.0.16567LTS could allow attackers to redirect authenticated users to malicious websites...
CVE-2024-25655
Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allows members with read access to the application database to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
AVSystem Unified Management Platform Security Vulnerability
AVSystem Unified Management Platform is a comprehensive management platform from AVSystem designed to help enterprises, service providers and carriers manage and monitor their network devices, Internet of Things IoT devices and services. A security vulnerability exists in AVSystem Unified...
PT-2024-21071 · Avsystem · Avsystem Unified Management Platform
Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: The issue concerns the insecure storage of LDAP passwords in the authentication functionality. This allows members with read access to the application database to...
CVE-2024-25657
CVE-2024-25657 affects AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS. An open redirect exists in the Login/Logout web management flow, potentially causing authenticated users to be redirected to malicious websites. The initial entry reports a CVSSv3.1 base score of 5.4 (Medium) wit...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...
CVE-2024-25656
CVE-2024-25656 affects AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS. The root cause is improper input validation that allows unauthenticated CPE devices to store arbitrarily large amounts of data during enrollment, which can lead to a denial of service by overloading the applicati...
CVE-2024-25657
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform UMP 23.07.0.16567LTS could allow attackers to redirect authenticated users to malicious websites...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
CVE-2024-25655
CVE-2024-25655 affects AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS. The root cause is insecure storage of LDAP passwords in the authentication functionality, enabling users who have read access to the application database to decrypt LDAP passwords of users who authenticate via LD...
AVSystem Unified Management Platform Security Vulnerability
AVSystem Unified Management Platform is a comprehensive management platform from AVSystem designed to help enterprises, service providers and carriers manage and monitor their network devices, Internet of Things IoT devices and services. A security vulnerability exists in AVSystem Unified...
CVE-2024-25655
Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allows members with read access to the application database to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP...