Archibus Web Central

5 matches found

added 2022/05/25 12:15 p.m., 49 views

CVE-2022-28862

In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remo...

CVSS 9.8 | AI score 9.9 | EPSS 0.0025
added 2021/10/05 4:15 p.m., 41 views

CVE-2021-41553

In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the ...

CVSS 9.8 | AI score 9.3 | EPSS 0.00356
added 2021/10/05 3:15 p.m., 39 views

CVE-2021-41554

ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schem...

CVSS 8.8 | AI score 8.4 | EPSS 0.00221
added 2021/10/05 3:15 p.m., 31 views

CVE-2021-41555

In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...

CVSS 6.1 | AI score 6 | EPSS 0.00396
added 2023/01/10 9:15 p.m., 30 views

CVE-2022-45165

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.

CVSS 8.8 | AI score 8.8 | EPSS 0.00063