Bdr Suite Security Vulnerabilities and Issues — Bdr Suite CVE List

Lucene search

VembuBdr Suite

5 matches found

CVE•added 2022/04/04 3:15 p.m.•74 views

CVE-2021-43458

An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.

7.8CVSS8.1AI score0.00079EPSS

CVE•added 2021/06/08 7:15 p.m.•41 views

CVE-2021-26473

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.

9.8CVSS9.6AI score0.00743EPSS

CVE•added 2021/06/08 7:15 p.m.•37 views

CVE-2021-26472

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.

10CVSS10AI score0.09967EPSS

CVE•added 2021/06/08 7:15 p.m.•35 views

CVE-2021-26474

Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)

8.8CVSS8.8AI score0.00234EPSS

CVE•added 2021/06/08 7:15 p.m.•32 views

CVE-2021-26471

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.

9.8CVSS9.9AI score0.07305EPSS