Lucene search
K
ToutvirtualVirtualiq

6 matches found

CVE
CVE
added 2010/05/07 5:43 p.m.63 views

CVE-2009-4844

The CVE-2009-4844 entry concerns ToutVirtual VirtualIQ Pro 3.2 build 7882. The vulnerability arises because access to the /status URI on port 9080 is not restricted, enabling remote attackers to obtain sensitive Tomcat information via a direct request. This constitutes an exposure in the manageme...

5CVSS6.4AI score0.01205EPSS
CVE
CVE
added 2010/05/07 5:43 p.m.52 views

CVE-2009-4842

ToutVirtual VirtualIQ Pro 3.5 build 8691 has multiple XSS vulnerabilities. Remote attackers can inject arbitrary script/HTML via parameters (addNewDept, deptId, deptDesc) to tvserver/server/user/addDepartment.jsp and (firstName, lastName, email) in a save action to tvserver/user/user.do. The issu...

4.3CVSS5.7AI score0.00855EPSS
Web
CVE
CVE
added 2010/05/07 5:43 p.m.52 views

CVE-2009-4843

CVE-2009-4843 affects ToutVirtual VirtualIQ Pro prior to 3.5 build 8691. The issue is that the JBoss consoles (JMX Management Console and Web Console) do not require administrative authentication, enabling remote attackers to execute arbitrary commands through targeted requests. The vulnerability...

7.5CVSS8.2AI score0.0211EPSS
CVE
CVE
added 2010/05/07 6:23 p.m.52 views

CVE-2009-4849

ToutVirtual VirtualIQ Pro is affected by multiple CSRF vulnerabilities in versions 3.2 (build 7882) and 3.5 (build 8691). The flaws allow remote attackers to hijack administrator sessions and perform sensitive actions via requests to tvserver/user/user.do, including creating a new user account, s...

6.8CVSS7.4AI score0.00943EPSS
Web
CVE
CVE
added 2010/05/07 6:23 p.m.47 views

CVE-2009-4848

ToutVirtual VirtualIQ Pro 3.2 (build 7882) and 3.5 (build 8691) contain multiple cross-site scripting (XSS) vulnerabilities. The flaws allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) userId in tvserver/server/user/setPermissions.jsp, (2) deptName in...

4.3CVSS5.9AI score0.01062EPSS
Web
CVE
CVE
added 2010/05/07 5:43 p.m.44 views

CVE-2009-4845

The CVE-2009-4845 entry concerns ToutVirtual VirtualIQ Pro 3.2 build 7882, where the configuration page stores SSH credentials in cleartext. The root cause is exposure of usernames and passwords via the configuration UI, enabling remote attackers to obtain sensitive information without exploiting...

5CVSS6.5AI score0.01205EPSS