Vembu BDR Suite

CPE Details

Vembu BDR Suite
vembu
bdr_suite
-
2021-06-11
12h27 +00:00
2021-06-14
11h12 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:vembu:bdr_suite:-:*:*:*:*:*:*:*

Informations

Vendor

vembu

Product

bdr_suite

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-26474 2021-06-08 18h39 +00:00 Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)
8.8
Haute
CVE-2021-26473 2021-06-08 18h38 +00:00 In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.
9.8
Critique
CVE-2021-26472 2021-06-08 18h37 +00:00 In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.
10
Critique
CVE-2021-26471 2021-06-08 18h36 +00:00 In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.
9.8
Critique