Lucene search
K
ArchibusWeb Central

5 matches found

CVE
CVE
added 2022/05/25 11:8 a.m.63 views

CVE-2022-28862

Affected product : Archibus Web Central. Vulnerability : SQL Injection in dwr/call/plaincall/workflow.runWorkflowRule.dwr prior to 26.2, allowing arbitrary SQL to modify query syntax and perform unauthorized operations against the remote database. Root cause : lack of validation of externally ent...

9.8CVSS9.9AI score0.00968EPSS
CVE
CVE
added 2021/10/05 3:0 p.m.55 views

CVE-2021-41554

ARCHIBUS Web Central 21.3.3.815 suffers improper access control: requests to /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, and /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw do not verify p...

8.8CVSS8.4AI score0.00847EPSS
Web
CVE
CVE
added 2021/10/05 3:6 p.m.54 views

CVE-2021-41553

In ARCHIBUS Web Central 21.3.3.815 (2014), the Web Application at /archibus/login.axvw assigns a session token that can already be in use by another user. After login, the app does not issue a new token, continuing to use the inserted token as the session identifier. It is also possible to set th...

9.8CVSS9.3AI score0.01203EPSS
Web
CVE
CVE
added 2023/01/10 12:0 a.m.44 views

CVE-2022-45165

CVE-2022-45165 affects Archibus Web Central 2022.03.01.107 where a service accepts a user-controlled parameter to build an SQL query, making it prone to SQL injection. Reported impacts include potential high-severity concerns (per CVSS metrics: confidentiality and integrity impacts reported). Pub...

8.8CVSS8.8AI score0.00644EPSS
CVE
CVE
added 2021/10/05 2:58 p.m.42 views

CVE-2021-41555

CVE-2021-41555 affects ARCHIBUS Web Central 21.3.3.815 and earlier. The vulnerability is an XSS in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr where input data from clients is re-included in the HTTP response without proper validation, allowing HTML or client-side code (e.g., JavaSc...

6.1CVSS6AI score0.00745EPSS