4 matches found
CVE-2012-1828
AutoFORM PDM Archive/AutoFORM PDM Archive before 7.1 allows remote authenticated users to perform administrative actions due to missing authorization for hidden administrative functions (e.g., password-change). The issue is tied to the hidden function exposure and is addressed by vendor updates: ...
CVE-2012-3347
CVE-2012-3347 affects AutoFORM PDM Archive prior to 7.0. The issue arises from how user accounts are implemented, allowing authenticated remote users to access the JMX Console at /jmx-console and then upload/execute arbitrary JSP code via a JBoss remote-deployment mechanism. The description docum...
CVE-2012-1827
AutoFORM PDM Archive vulnerability CVE-2012-1827 affects versions prior to 7.1. The webservice lacks authorization, allowing remote authenticated users to interact with the application database via SOAP (notably initializeQueryDatabase2), bypassing normal permissions. This can lead to unauthorize...
CVE-2012-1829
CVE-2012-1829 refers to multiple stored XSS vulnerabilities in AutoFORM PDM Archive prior to 6.920. The root cause is insufficient input validation and/or output encoding in many fields, enabling remote authenticated users to inject arbitrary scripts or HTML. Impacts include potential information...