Connection Broker Security Vulnerabilities - January


CVE-2018-18817

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.

7.5 CVSS | 7.5 AI Score | 0.002 EPSS | 2018-10-30 01:29 AM

CVE-2020-26574

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malici...

9.6 CVSS | 9.1 AI Score | 0.002 EPSS | 2020-10-06 03:15 PM

CVE-2021-38157

LeoStream Connection Broker 9.x before 9.0.34.3 allows unauthenticated reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

6.1 CVSS | 5.9 AI Score | 0.001 EPSS | 2021-08-06 09:15 PM

CVE-2021-41550

Leostream Connection Broker 9.0.40.17 allows administrators to upload and execute Perl code.

7.2 CVSS | 7 AI Score | 0.001 EPSS | 2022-01-18 03:15 PM

CVE-2021-41551

Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a ZIP file that contains a symbolic link.

4.9 CVSS | 5.1 AI Score | 0.001 EPSS | 2022-01-18 03:15 PM