Mobaxterm Security Vulnerabilities - CVSS Score 9 - 10


CVE-2017-15376

The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.

9.8 CVSS

9.8 AI Score

0.006 EPSS

2017-10-16 04:29 AM

CVE-2019-7690

In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH P...

9.8 CVSS

9.5 AI Score

0.007 EPSS

2019-05-13 04:29 PM

CVE-2022-38337

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.

9.1 CVSS

9.1 AI Score

0.002 EPSS

2022-12-06 12:15 AM