CPE Details

3CX
3cx
3cx
-
2022-05-16
12h55 +00:00
2022-05-17
12h32 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:3cx:3cx:-:*:*:*:*:*:*:*

Informations

Vendor

3cx

Product

3cx

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-49954 2023-12-24 23h00 +00:00 The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
9.8
Critique
CVE-2022-48482 2023-05-02 00h00 +00:00 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
7.5
Haute
CVE-2022-48483 2023-05-02 00h00 +00:00 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
7.5
Haute
CVE-2022-28005 2022-05-05 22h00 +00:00 An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
9.8
Critique
CVE-2021-45491 2022-03-27 23h14 +00:00 3CX System through 2022-03-17 stores cleartext passwords in a database.
6.5
Moyen