Lucene search
K
ScytlSecure Vote

4 matches found

CVE
CVE
added 2021/02/27 4:21 a.m.115 views

CVE-2019-25022

CVE-2019-25022 affects Scytl sVote 2.1. The issue is an input handling flaw that allows an attacker to inject code and trigger execution via an election-event and payload injected on the event alias, because the application calls Runtime.getRuntime().exec() without validation. The vulnerability e...

9.8CVSS9.3AI score0.01412EPSS
CVE
CVE
added 2021/02/27 4:22 a.m.105 views

CVE-2019-25023

The CVE-2019-25023 issue affects Scytl sVote 2.1, where an attacker can manipulate the X-Forwarded-For header to inject arbitrary IP addresses into internal application logs due to the logs using that header. The root cause is trusting a client-controlled header for logging. Connected sources (Re...

6.5CVSS6.5AI score0.00884EPSS
CVE
CVE
added 2021/02/27 4:26 a.m.98 views

CVE-2019-25021

In Scytl sVote 2.1, the vulnerability stems from the database manager implementation, allowing an attacker to access OrientDB by using the admin password as the admin password and preventing setting a different password due to code logic. This enables unauthorized access to the OrientDB instance....

7.5CVSS7.5AI score0.01171EPSS
CVE
CVE
added 2021/02/27 4:27 a.m.95 views

CVE-2019-25020

CVE-2019-25020 affects Scytl sVote 2.1. The root cause is an unauthenticated sdm-ws-rest API that allows retrieving administrative configuration by sending a POST to /sdm-ws-rest/preconfiguration. The impact is exposure of admin configuration (confidentiality impact noted as HIGH in CVSS 3.1). Ex...

7.5CVSS7.4AI score0.01289EPSS