Lucene search
K

11 matches found

CVE
CVE
added 2019/09/20 1:38 p.m.53 views

CVE-2019-14913

PRiSE adAS 1.7.0 is affected by a persistent XSS in the administration panel due to log data not being properly escaped. Root cause: inadequate escaping in the logging path. Impact: XSS could affect users with access to the admin UI; exact exploit details, affected components, versions beyond 1.7...

5.4CVSS5.2AI score0.00864EPSS
CVE
CVE
added 2019/09/20 1:40 p.m.53 views

CVE-2019-14916

CVE-2019-14916 affects PRiSE adAS 1.7.0. The issue is a failure to properly validate a file’s format, enabling an unrestricted file upload. The underlying cause is inadequate input/format checks during upload, leading to potential to place arbitrary files on the server and perform abuse as descri...

6.5CVSS6.4AI score0.01036EPSS
CVE
CVE
added 2019/09/20 1:43 p.m.53 views

CVE-2019-15089

CVE-2019-15089 affects PRiSE adAS 1.7.0. The vulnerability is a lack of CSRF protection on forms, enabling an attacker to execute administrator actions. The available connected documents confirm the issue but do not provide patch versions or explicit remediation steps. If exploited, the impact is...

8.8CVSS8.7AI score0.00572EPSS
CVE
CVE
added 2019/09/20 1:38 p.m.51 views

CVE-2019-14912

The CVE-2019-14912 entry concerns PRiSE adAS 1.7.0, where the OPENSSO module fails to validate the goto parameter, causing an open redirect that leaks the user session cookie. Multiple sources (NVD, Red Hat, CVE lists) confirm the affected product and the underlying cause. Exploitation details an...

6.1CVSS6.2AI score0.01193EPSS
CVE
CVE
added 2019/09/20 1:41 p.m.50 views

CVE-2019-15086

CVE-2019-15086 affects PRiSE adAS 1.7.0. The parameter newentityID is not properly escaped, leading to a reflected XSS in the error message. The connected sources confirm the same description across multiple feeds (Red Hat, NVD, CVE lists). No public exploit details, impact scope, or remediation ...

6.1CVSS5.9AI score0.00802EPSS
CVE
CVE
added 2019/09/20 1:39 p.m.49 views

CVE-2019-14914

CVE-2019-14914 affects PRiSE adAS 1.7.0. The vulnerability arises from an improperly escaped path in the medatadata_del method, enabling Directory Traversal that can cause arbitrary file reads and deletions. Documents confirm the issue and its impact but do not provide exploitation details, affec...

9.1CVSS9AI score0.02018EPSS
CVE
CVE
added 2019/09/20 1:42 p.m.49 views

CVE-2019-15087

PRiSE adAS 1.7.0 is affected by CVE-2019-15087. An authenticated attacker can alter the hash function used for passwords, enabling remote code execution. Several connected sources (NVD, Red Hat advisory, CVE listings) corroborate the same vector in PRiSE adAS 1.7.0, but no concrete exploit detail...

7.2CVSS7.2AI score0.03333EPSS
CVE
CVE
added 2019/09/20 1:37 p.m.48 views

CVE-2019-14911

CVE-2019-14911 affects PRiSE adAS 1.7.0 via the OPENSSO module, where output is not properly escaped on error, causing reflected XSS. Documented impact indicates network attack vector with user interaction not required in CVSS2/3.1 analysis; exploitation details are not provided in the available ...

6.1CVSS6.2AI score0.01033EPSS
CVE
CVE
added 2019/09/20 1:39 p.m.48 views

CVE-2019-14915

PRiSE adAS 1.7.0 contains an XSS issue caused by unescaped certificate data submitted in rogue certificates. Affected component: certificate handling in PRiSE adAS 1.7.0. Root cause: improper escaping of certificate data. Exploitation details are not provided in the documents. No remediation or p...

6.1CVSS5.9AI score0.00524EPSS
CVE
CVE
added 2019/09/20 1:42 p.m.46 views

CVE-2019-15088

PRiSE adAS 1.7.0 contains an authentication bypass vulnerability where password hashes are compared using the equality operator. This improper comparison can allow bypassing login under certain conditions, as described in CVE-2019-15088 and reflected in multiple sources (NVD, Red Hat advisory, CV...

9.8CVSS9.3AI score0.01719EPSS
CVE
CVE
added 2019/09/20 1:41 p.m.44 views

CVE-2019-15085

CVE-2019-15085 affects PRiSE adAS 1.7.0. The issue is that the current database password is embedded in the change password form, exposing the password to potential access. This vulnerability impacts confidentiality (C) and is classified under CVSS v3.1 as High impact (C:H) with a Network attack ...

7.5CVSS7.6AI score0.01371EPSS