Lucene search

Ivm Attendant Security Vulnerabilities

cve

CVE-2021-37442

NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.

6.5CVSS

6.3AI Score

0.001EPSS

2021-07-25 10:15 PM

cve

CVE-2021-37443

NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.

8.1CVSS

8.1AI Score

0.001EPSS

2021-07-25 10:15 PM

cve

CVE-2021-37444

NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt A...

8.8CVSS

8.8AI Score

0.001EPSS

2021-07-25 10:15 PM

cve

CVE-2021-37448

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).

5.4CVSS

5.3AI Score

0.001EPSS

2021-07-25 10:15 PM

cve

CVE-2021-37449

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).

5.4CVSS

5.3AI Score

0.001EPSS

2021-07-25 10:15 PM

cve

CVE-2021-37450

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).

5.4CVSS

5.3AI Score

0.001EPSS

2021-07-25 09:15 PM

cve

CVE-2021-37451

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).

5.4CVSS

5.3AI Score

0.001EPSS

2021-07-25 09:15 PM