Open-audit Security Vulnerabilities and Issues — Open-audit CVE List

Lucene search

OpmantekOpen-audit

4 matches found

CVE•added 2021/01/20 4:15 p.m.•50 views

CVE-2021-3130

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

5.9CVSS5.7AI score0.00627EPSS

CVE•added 2021/02/05 2:15 p.m.•46 views

CVE-2021-3333

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.

6.1CVSS6.1AI score0.00317EPSS

CVE•added 2021/12/20 12:15 p.m.•41 views

CVE-2021-44916

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.

6.1CVSS5.9AI score0.04458EPSS

CVE•added 2021/12/22 1:15 p.m.•36 views

CVE-2021-40612

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.

9.8CVSS9.5AI score0.00995EPSS