Lucene search
K
LeostreamConnection Broker

5 matches found

CVE
CVE
added 2021/08/06 8:58 p.m.111 views

CVE-2021-38157

The CVE-2021-38157 entry concerns LeoStream Connection Broker 9.x prior to 9.0.34.3, which is vulnerable to unauthenticated reflected XSS via the /index.pl endpoint using the user parameter. The root cause is improper handling/validation of user-supplied input on that endpoint, enabling an attack...

6.1CVSS5.9AI score0.01119EPSS
CVE
CVE
added 2020/10/06 2:32 p.m.56 views

CVE-2020-26574

Leostream Connection Broker 8.2.x is affected by a stored XSS via the webquery.pl User-Agent header. An unauthenticated attacker can inject JavaScript that is rendered when admins log in, potentially forcing the admin to upload a malicious Perl script that could be executed as root through libMis...

9.6CVSS9.1AI score0.02119EPSS
CVE
CVE
added 2022/01/18 2:45 p.m.51 views

CVE-2021-41551

CVE-2021-41551 affects Leostream Connection Broker 9.0.40.17. Administrators can perform a directory traversal by uploading a ZIP file that contains a symbolic link, enabling access to files outside the intended directory. This is supported by Red Hat and NVD entries in the provided documents. Th...

4.9CVSS5.1AI score0.01274EPSS
CVE
CVE
added 2018/10/30 1:0 a.m.42 views

CVE-2018-18817

The vulnerability CVE-2018-18817 affects the Leostream Agent prior to Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier. Root cause: the Leostream Agent API allows remote modification of registry keys, enabling an attacker to alter registry settings remotely (network vect...

7.5CVSS7.5AI score0.01071EPSS
CVE
CVE
added 2022/01/18 2:46 p.m.41 views

CVE-2021-41550

The CVE-2021-41550 entry affects Leostream Connection Broker 9.0.40.17, where an administrator can upload and execute Perl code. The NVD entry cites a network-accessible vulnerability with low attack complexity and requires a high-privilege context (prerequisites: HIGH; UI: NONE) leading to parti...

7.2CVSS7AI score0.00962EPSS