Cloud Backup Suite Security Vulnerabilities and Issues — Cloud Backup Suite CVE List

Lucene search

AhsayCloud Backup Suite

4 matches found

CVE•added 2019/07/26 9:15 p.m.•361 views

CVE-2019-10266

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.

7.8CVSS7.3AI score0.15785EPSS

CVE•added 2019/07/26 9:15 p.m.•331 views

CVE-2019-10264

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.

7.2CVSS6.9AI score0.00476EPSS

CVE•added 2019/07/26 9:15 p.m.•322 views

CVE-2019-10265

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server.

7.8CVSS7.4AI score0.00724EPSS

CVE•added 2022/09/21 5:15 p.m.•51 views

CVE-2022-37027

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequen...

7.2CVSS7.2AI score0.33751EPSS