2 matches found
CVE-2022-3217
CVE-2022-3217 describes a credential leakage vulnerability in VISAM VBASE when logging in to a VBASE runtime project via Web-Remote. The issue arises from XOR-based obfuscation using a static initial key for login messages, enabling an unauthenticated, remote attacker who can capture a login sess...
CVE-2022-45876
CVE-2022-45876 affects VISAM VBASE Automation Base prior to 11.7.5. The vulnerability is an information-disclosure flaw tied to improper handling of XML External Entities (XXE) in ProjektInfo.XML within the VBASE Editor, requiring a valid user to open a crafted file or visit a malicious resource....