Pandora Fms@* Security Vulnerabilities and Issues — Pandora Fms@* CVE List

Lucene search

PandorafmsPandora Fms*

10 matches found

CVE•added 2022/03/10 5:44 p.m.•2435 views

CVE-2022-0507

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.

8.8CVSS6.9AI score0.00166EPSS

CVE•added 2022/08/05 4:15 p.m.•64 views

CVE-2021-46678

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field.

6.1CVSS5.2AI score0.00406EPSS

CVE•added 2019/06/29 1:15 p.m.•60 views

CVE-2019-13035

Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) a...

7.8CVSS8AI score0.0011EPSS

CVE•added 2023/01/27 10:15 p.m.•51 views

CVE-2022-43980

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS paylo...

5.4CVSS5AI score0.00196EPSS

CVE•added 2022/08/05 4:15 p.m.•48 views

CVE-2021-46677

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field.

6.1CVSS5.2AI score0.00406EPSS

CVE•added 2022/08/05 4:15 p.m.•44 views

CVE-2021-46676

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field.

6.1CVSS5.2AI score0.00295EPSS

CVE•added 2023/01/27 10:15 p.m.•39 views

CVE-2022-43979

There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thu...

9.8CVSS8AI score0.00686EPSS

CVE•added 2023/01/27 10:15 p.m.•38 views

CVE-2022-43978

There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to ...

5.6CVSS4.4AI score0.00121EPSS

CVE•added 2022/08/05 4:15 p.m.•37 views

CVE-2021-46679

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements.

6.1CVSS5.2AI score0.00295EPSS

CVE•added 2023/06/13 12:15 p.m.•34 views

CVE-2023-2807

Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms.

9.8CVSS8.1AI score0.00058EPSS