FreeTAKServer-UI Project FreeTAKServer-UI 1.9.8

CPE Details

2022-03-16 17h48 +00:00
2022-06-10 16h42 +00:00

CPE Name: cpe:2.3:a:freetakserver-ui_project:freetakserver-ui:1.9.8:*:*:*:*:*:*:*

Information

Vendor: freetakserver-ui_project
Product: freetakserver-ui
Version: 1.9.8

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-25512 | 2022-03-10 22h35 +00:00 | FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. | 7.5 | High |
| CVE-2022-25510 | 2022-03-10 22h35 +00:00 | FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. | 8.8 | High |
| CVE-2022-25511 | 2022-03-10 22h35 +00:00 | An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. | 6.5 | Medium |
| CVE-2022-25508 | 2022-03-10 22h35 +00:00 | An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. | 7.5 | High |
| CVE-2022-25506 | 2022-03-10 22h35 +00:00 | FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. | 6.5 | Medium |
| CVE-2022-25507 | 2022-03-10 22h35 +00:00 | FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. | 5.4 | Medium |