5 matches found

CVE
Added 2019/09/13 5:15 p.m., 230 views

CVE-2019-16293

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.

CVSS 8.8, AI score 8.7, EPSS 0.00949

CVE
Added 2018/07/06 2:29 p.m., 51 views

CVE-2018-11124

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.

CVSS 5.4, AI score 5.2, EPSS 0.00194

CVE
Added 2021/01/20 4:15 p.m., 50 views

CVE-2021-3130

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

CVSS 5.9, AI score 5.7, EPSS 0.00627

CVE
Added 2021/12/20 12:15 p.m., 41 views

CVE-2021-44916

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.

CVSS 6.1, AI score 5.9, EPSS 0.04458

CVE
Added 2021/12/22 1:15 p.m., 36 views

CVE-2021-40612

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker to perform command execution without echoes.

CVSS 9.8, AI score 9.5, EPSS 0.00995