3 matches found
CVE-2019-10243
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura...
CVE-2024-3046
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an...
Eclipse Kura Command Execution Vulnerability
Eclipse Kura is an OSGi-based M2M service gateway application framework from the Eclipse Foundation. A security vulnerability exists in versions of Eclipse Kura prior to 2.1.0. An attacker could exploit the vulnerability to log in to the device, execute commands, or take control of the device...