Lucene search
K
NetsasEnigma Network Management Solution

11 matches found

CVE
CVE
added 2020/03/19 11:6 p.m.118 views

CVE-2019-16072

Affected product: NETSAS Enigma NMS (65.0.0 and earlier). Vulnerability: OS command injection in the discover_and_manage CGI script, caused by improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. Impact: attacker (authenticated) can execute arb...

10CVSS9.8AI score0.25279EPSS
Web
CVE
CVE
added 2020/03/19 10:56 p.m.101 views

CVE-2019-16068

Affected product: NETSAS ENIGMA NMS, version 65.0.0 and prior. Vulnerability type: Cross-Site Request Forgery (CSRF) that can coerce a user to submit a malicious manage_files.cgi request. Root cause (as stated): CSRF exists and can be triggered via XSS or an IFRAME tag embedded in the site. Impac...

8.8CVSS8.2AI score0.00947EPSS
Web
CVE
CVE
added 2020/03/19 5:52 p.m.87 views

CVE-2019-16062

NETSAS Enigma NMS 65.0.0 and earlier suffer from lack of encryption for data stored in the SQL database, enabling exposure of unencrypted sensitive data. Root cause: no encryption at rest for sensitive data. Impact: information disclosure to an attacker with access to the SQL database. The provid...

6.5CVSS6.6AI score0.00756EPSS
CVE
CVE
added 2020/03/19 5:55 p.m.78 views

CVE-2019-16065

The CVE-2019-16065 entry concerns a remote SQL injection in Enigma NMS 65.0.0 and earlier web applications. Vulnerable component: manage_hosts_short.cgi parameter search_pattern (web CGI). Underlying issue: SQL injection in the web interface could allow an attacker to run SQL commands to extract ...

9CVSS9.1AI score0.0281EPSS
Web
CVE
CVE
added 2020/03/19 10:58 p.m.70 views

CVE-2019-16069

NETSAS Enigma NMS (65.0.0 and earlier) is affected by stored Cross‑Site Scripting (XSS) vulnerabilities that can allow an attacker to inject malicious client‑side code into the web application via SNMP. Public records from NVD/Red Hat/CNVD/CVE listings confirm the issue and describe the vulnerabi...

6.1CVSS6.1AI score0.00686EPSS
CVE
CVE
added 2020/03/19 10:21 p.m.68 views

CVE-2019-16063

CVE-2019-16063 affects NETSAS Enigma NMS 65.0.0 and earlier. The vulnerability is an information disclosure where sensitive data rendered in web pages is not encrypted, allowing an attacker to expose unencrypted sensitive data. No exploit details or affected versions beyond 65.0.0 and prior are p...

7.5CVSS7.5AI score0.00666EPSS
CVE
CVE
added 2020/03/19 5:52 p.m.57 views

CVE-2019-16061

CVE-2019-16061 affects NETSAS Enigma NMS server 65.0.0 and earlier. Affected files have weak world-readable and world-writable permissions, enabling low-privilege users with system access to read sensitive data (e.g., .htpasswd) and create/modify/delete files (e.g., under /var/www/html/docs). The...

8.8CVSS8.3AI score0.00994EPSS
CVE
CVE
added 2020/03/19 5:56 p.m.52 views

CVE-2019-16067

NETSAS Enigma NMS 65.0.0 and earlier versions use basic authentication over HTTP to enforce access to the web application. The cleartext authentication traffic can allow an attacker to intercept and steal usernames and passwords. The connected documents corroborate this entry across multiple sour...

7.5CVSS7.7AI score0.00785EPSS
CVE
CVE
added 2020/03/19 5:56 p.m.50 views

CVE-2019-16066

The CVE-2019-16066 entry describes an unrestricted file upload vulnerability in the NETSAS Enigma NMS product (version 65.0.0 and earlier) affecting both user and system file upload functions. The underlying issue enables an attacker to upload malicious files and perform arbitrary code execution ...

9CVSS8.8AI score0.02239EPSS
CVE
CVE
added 2020/03/19 5:54 p.m.43 views

CVE-2019-16064

Summary: CVE-2019-16064 affects NETSAS Enigma NMS 65.0.0 and earlier. A directory traversal vulnerability allows an authenticated user to access files and directories outside the web root, enabling listing of OS directory contents, creating directories, uploading files, and modifying/deleting fil...

9.6CVSS9AI score0.01306EPSS
CVE
CVE
added 2020/03/19 5:58 p.m.38 views

CVE-2019-16070

NETSAS Enigma NMS 65.0.0 and earlier contains stored XSS vulnerabilities (CVE-2019-16070) in the WEB application, exploitable through web form inputs. Root cause per sources: lack/insufficient validation of client-side data in the web app. Impact described as client-side code execution; CVSS data...

6.1CVSS6.1AI score0.00691EPSS