4 matches found
CVE-2019-25022
CVE-2019-25022 affects Scytl sVote 2.1. The issue is an input handling flaw that allows an attacker to inject code and trigger execution via an election-event and payload injected on the event alias, because the application calls Runtime.getRuntime().exec() without validation. The vulnerability e...
CVE-2019-25023
The CVE-2019-25023 issue affects Scytl sVote 2.1, where an attacker can manipulate the X-Forwarded-For header to inject arbitrary IP addresses into internal application logs due to the logs using that header. The root cause is trusting a client-controlled header for logging. Connected sources (Re...
CVE-2019-25021
In Scytl sVote 2.1, the vulnerability stems from the database manager implementation, allowing an attacker to access OrientDB by using the admin password as the admin password and preventing setting a different password due to code logic. This enables unauthorized access to the OrientDB instance....
CVE-2019-25020
CVE-2019-25020 affects Scytl sVote 2.1. The root cause is an unauthenticated sdm-ws-rest API that allows retrieving administrative configuration by sending a POST to /sdm-ws-rest/preconfiguration. The impact is exposure of admin configuration (confidentiality impact noted as HIGH in CVSS 3.1). Ex...