Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
PascomCloud Phone System

3 matches found

CVE
CVEadded 2022/03/18 5:0 a.m.1864 views

CVE-2021-45966

Pascom Cloud Phone System prior to 7.20.x contains a remote code execution flaw in the management REST API: /services/apply in exd.pl does not properly filter shell metacharacters, enabling an attacker to run arbitrary code. Affected component is the /services/apply endpoint of the exd.pl script;...

10CVSS9.7AI score0.10955EPSS
Web
CVE
CVEadded 2022/03/18 5:0 a.m.1746 views

CVE-2021-45967

Pascom Cloud Phone System before 7.20.x is affected by a path traversal vulnerability caused by a configuration mismatch between NGINX and the backend Tomcat, exposing unintended endpoints. Multiple connected sources corroborate a pre-7.20.x issue with path traversal (and related exposure). Remed...

9.8CVSS9.3AI score0.92618EPSS
In wild
CVE
CVEadded 2022/03/18 4:56 a.m.1156 views

CVE-2021-45968

Pascom CPS before 7.20 contains a known Local File Inclusion vulnerability (CVE-2021-45968) in Pascom Cloud Phone System, as documented by Nuclei templates. The issue can allow an attacker to access sensitive information or arbitrary files via LFI. Remediation: apply the latest vendor patches/upd...

7.5CVSS8.3AI score0.9388EPSS