Upsmon Pro@2.57 Security Vulnerabilities and Issues — Upsmon Pro@2.57 CVE List

Lucene search

UpspowercomUpsmon Pro2.57

4 matches found

CVE•added 2022/11/10 3:15 p.m.•40 views

CVE-2022-38120

UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.

6.5CVSS6.7AI score0.30965EPSS

CVE•added 2022/11/10 3:15 p.m.•36 views

CVE-2022-38119

UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service.

9.8CVSS9.9AI score0.00151EPSS

CVE•added 2022/11/10 3:15 p.m.•35 views

CVE-2022-38121

UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.

6.5CVSS6.6AI score0.39068EPSS

CVE•added 2022/11/10 3:15 p.m.•30 views

CVE-2022-38122

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.

7.5CVSS7.5AI score0.00062EPSS