Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:41 p.m.โ€ข11 views

CVE-2025-15623

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...

9.3CVSS5.5AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:17 p.m.โ€ข12 views

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.8CVSS5.7AI score0.00598EPSS
Exploits2References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:16 p.m.โ€ข12 views

CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

7.5CVSS5.5AI score0.00682EPSS
Exploits1References1
Packet Storm
Packet Storm
โ€ขadded 2026/05/26 12:0 a.m.โ€ข104 views

๐Ÿ“„ Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection

Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...

9.3CVSS6.5AI score0.00941EPSS
Exploits3
NVD
NVD
โ€ขadded 2026/05/19 2:16 p.m.โ€ข12 views

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.8CVSS0.00598EPSS
Exploits2References4
Vulnrichment
Vulnrichment
โ€ขadded 2026/05/19 12:59 p.m.โ€ข10 views

CVE-2026-42100 DoS in Sparx Pro Cloud Server

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

7.1CVSS5.9AI score0.00682EPSS
Exploits1References4
EUVD
EUVD
โ€ขadded 2026/05/19 12:59 p.m.โ€ข13 views

EUVD-2026-30932

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

8.7CVSS5.8AI score0.00682EPSS
Exploits3References4
CVE
CVE
โ€ขadded 2026/05/19 12:59 p.m.โ€ข18 views

CVE-2026-42100

Technical details (affected products/versions, root cause, impact, mitigation) are not publicly available in the provided documents. Monitor for updates as new information may be published.

7.5CVSS5.9AI score0.00682EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/05/19 12:59 p.m.โ€ข7 views

CVE-2026-42097

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS6AI score0.00941EPSS
Exploits2References5
CVE
CVE
โ€ขadded 2026/05/19 12:59 p.m.โ€ข22 views

CVE-2026-42097

Sparx products show multiple CVEs with concrete details across Pro Cloud Server and Enterprise Architect. CVE-2026-42097 describes an authentication bypass: a request can omit the model parameter and embed the model name in a POST blob, enabling SQL query execution without authentication. CVE-202...

9.3CVSS6AI score0.00941EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
โ€ขadded 2026/05/19 12:59 p.m.โ€ข47 views

CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS0.00941EPSS
Exploits2References4
Vulnrichment
Vulnrichment
โ€ขadded 2026/05/19 12:59 p.m.โ€ข11 views

CVE-2026-42096 Broken Access Control in Sparx Pro Cloud Server

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.7CVSS6AI score0.00598EPSS
Exploits2References4
Positive Technologies
Positive Technologies
โ€ขadded 2026/05/19 12:0 a.m.โ€ข15 views

PT-2026-41893

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Authentication is required based on the requested URL. An attacker can bypass this check by omitting the model query parameter and providing the model name only within the...

9.3CVSS5.9AI score0.00941EPSS
Exploits2References9
CNNVD
CNNVD
โ€ขadded 2026/05/19 12:0 a.m.โ€ข11 views

Sparx Systems Sparx Pro Cloud Server ๅฎ‰ๅ…จๆผๆดž

Sparx Pro Cloud Server is a modeling and service platform developed by Sparx Systems in Australia. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server 6.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed fro...

9.3CVSS5.9AI score0.00941EPSS
Exploits2References1
EUVD
EUVD
โ€ขadded 2026/04/17 9:31 a.m.โ€ข8 views

EUVD-2025-209513

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...

9.3CVSS5.8AI score0.00261EPSS
Exploits0References2
NVD
NVD
โ€ขadded 2026/04/17 9:16 a.m.โ€ข4 views

CVE-2025-15624

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...

9.3CVSS0.0038EPSS
Exploits0References1
CVE
CVE
โ€ขadded 2026/04/17 8:38 a.m.โ€ข9 views

CVE-2025-15625

CVE-2025-15625 involves the Sparx Pro Cloud Server where an unauthenticated user can execute arbitrary SQL commands in certain cases. Affected product: Sparx Pro Cloud Server (unspecified version in the provided documents). Impact is described as high across confidentiality, integrity, and availa...

9.8CVSS5.9AI score0.0042EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
โ€ขadded 2026/04/17 8:38 a.m.โ€ข31 views

CVE-2025-15624 Plaintext Storage of a Password in Sparx Pro Cloud Server.

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...

9.3CVSS0.0038EPSS
Exploits0References1
Positive Technologies
Positive Technologies
โ€ขadded 2026/04/17 12:0 a.m.โ€ข9 views

PT-2026-33426

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server affected versions not specified Description An unauthenticated user can execute arbitrary SQL commands in the database. This SQL injection allows for a complete database takeover without requiring credentials...

9.8CVSS6.1AI score0.0042EPSS
Exploits0References6
Positive Technologies
Positive Technologies
โ€ขadded 2026/04/17 12:0 a.m.โ€ข6 views

PT-2026-33425

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server affected versions not specified Description In configurations where OpenID is utilized as the primary authentication method for Sparx EA, the software creates local passwords for users and stores them in plaintext...

9.3CVSS5.8AI score0.0038EPSS
Exploits0References6
Rows per page
Query Builder