Lucene search

K

Ironmansoftware Security Vulnerabilities

cve
cve

CVE-2023-49213

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and...

8.8CVSS

8.9AI Score

0.002EPSS

2023-11-23 10:15 PM
14
cve
cve

CVE-2022-45183

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and...

8.8CVSS

8.5AI Score

0.002EPSS

2022-11-14 08:15 AM
21
10
cve
cve

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted....

7.2CVSS

6.9AI Score

0.002EPSS

2022-11-14 08:15 AM
21
10