Web Central Security Vulnerabilities and Issues — Web Central CVE List

Lucene search

ArchibusWeb Central

3 matches found

CVE•added 2021/10/05 4:15 p.m.•41 views

CVE-2021-41553

In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the ...

9.8CVSS9.3AI score0.00356EPSS

CVE•added 2021/10/05 3:15 p.m.•39 views

CVE-2021-41554

ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schem...

8.8CVSS8.4AI score0.00221EPSS

CVE•added 2021/10/05 3:15 p.m.•31 views

CVE-2021-41555

In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...

6.1CVSS6AI score0.00396EPSS