8 matches found
CVE-2020-7008
CVE-2020-7008 affects VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module. A path traversal vulnerability lets an attacker supply unverified URL input to read arbitrary local files. Red Hat and CVE records confirm the issue and ICS/CISA advisories reference the same affected products. Mitigat...
CVE-2021-42537
CVE-2021-42537 affects VISAM VBASE Editor (and VBASE 11.6.0.6) where processing XML documents can embed external-entity references, leading to output containing incorrect documents. The issue is tied to improper restriction of XML external entity references (CWE-611) in VISAM VBASE Editor 11.6.0....
CVE-2020-10601
CVE-2020-10601 affects VISAM VBASE Editor (11.5.0.2) and VBASE Web-Remote Module. The root cause is a weak hashing algorithm and insecure permissions, enabling a local attacker to bypass the password‑protected mechanism via brute-force or by overwriting the password hash. Impact is local, allowin...
CVE-2020-10599
Summary: CVE-2020-10599 affects VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module, where a vulnerable ActiveX component enables a stack-based buffer overflow leading to denial of service and arbitrary code execution. Red Hat and NVD entries corroborate the same issue. The ics advisory confi...
CVE-2020-7000
CVE-2020-7000 affects VISAM VBASE Editor v11.5.0.2 and VBASE Web-Remote Module. The vulnerability allows an unauthenticated attacker to obtain the web server’s cryptographic key and information about the login and encryption/decryption mechanism, enabling bypass of authentication for the HTML5 HM...
CVE-2020-7004
CVE-2020-7004 affects VISAM VBASE Editor v11.5.0.2 and VBASE Web-Remote Module. The issue is weak or insecure permissions on the VBASE directory, enabling elevation of privileges when a privileged user runs the application. Public sources in the connected documents confirm this vulnerability and ...
CVE-2021-42535
CVE-2021-42535 affects VISAM VBASE Editor (Web Remote) on version 11.6.0.6, where user-controllable input is not properly neutralized before being emitted into public-facing webpages (Cross-Site Scripting). Connected sources confirm the affected product and root cause; remediation guidance from I...
CVE-2021-38417
CVE-2021-38417 affects VISAM VBASE Editor (WEB REMOTE) 11.6.0.6, where improper access control via the web-remote endpoint may allow an unauthenticated user to view folders/files in a directory listing. Public sources consistently describe this vulnerability as an improper access control issue (C...