Flexair Security Vulnerabilities and Issues — Flexair CVE List

Lucene search

PrimasystemsFlexair

4 matches found

CVE•added 2019/07/01 7:15 p.m.•87 views

CVE-2019-7666

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.

8.8CVSS8.6AI score0.21089EPSS

CVE•added 2019/07/01 7:15 p.m.•62 views

CVE-2019-7280

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication.

8.8CVSS8.4AI score0.0376EPSS

CVE•added 2019/06/05 7:29 p.m.•53 views

CVE-2019-7672

Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.

8.8CVSS8.5AI score0.02359EPSS

CVE•added 2019/07/01 7:15 p.m.•52 views

CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.

8.8CVSS8.5AI score0.01134EPSS