Wbsairback@21.02.04 Security Vulnerabilities and Issues — Wbsairback@21.02.04 CVE List

Lucene search

WhitebearsolutionsWbsairback21.02.04

16 matches found

CVE•added 2024/04/15 2:15 p.m.•61 views

CVE-2024-3781

Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.

9.1CVSS7.2AI score0.00242EPSS

CVE•added 2024/04/15 2:15 p.m.•58 views

CVE-2024-3784

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.00354EPSS

CVE•added 2024/04/15 2:15 p.m.•54 views

CVE-2024-3786

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.00354EPSS

CVE•added 2024/04/15 2:15 p.m.•53 views

CVE-2024-3782

Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.

8.8CVSS6.6AI score0.00136EPSS

CVE•added 2024/04/15 2:15 p.m.•50 views

CVE-2024-3783

The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system.

7.7CVSS6.7AI score0.00151EPSS

CVE•added 2024/04/15 2:15 p.m.•44 views

CVE-2024-3785

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.00354EPSS

CVE•added 2024/05/14 3:42 p.m.•30 views

CVE-2024-3787

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.0156EPSS

CVE•added 2024/05/14 3:42 p.m.•28 views

CVE-2024-3792

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...

4.8CVSS5.9AI score0.00478EPSS

CVE•added 2024/05/14 3:42 p.m.•25 views

CVE-2024-3788

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.00682EPSS

CVE•added 2024/05/14 3:42 p.m.•24 views

CVE-2024-3791

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...

4.8CVSS6AI score0.00193EPSS

CVE•added 2024/05/14 3:42 p.m.•23 views

CVE-2024-3790

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their...

4.8CVSS5.8AI score0.00071EPSS

CVE•added 2024/05/14 3:42 p.m.•23 views

CVE-2024-3795

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

4.8CVSS5.8AI score0.00193EPSS

CVE•added 2024/05/14 3:42 p.m.•20 views

CVE-2024-3789

Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources consumed.

6.5CVSS7.3AI score0.00465EPSS

CVE•added 2024/05/14 3:42 p.m.•19 views

CVE-2024-3793

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...

4.8CVSS6AI score0.00193EPSS

CVE•added 2024/05/14 3:42 p.m.•19 views

CVE-2024-3794

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

4.8CVSS5.8AI score0.00193EPSS

CVE•added 2024/05/14 3:42 p.m.•18 views

CVE-2024-3796

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

4.8CVSS5.8AI score0.00085EPSS