Vulnerabilities > Adremsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-16 | CVE-2019-14481 | Cross-Site Request Forgery (CSRF) vulnerability in Adremsoft Netcrunch 10.6.0.4587 AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. | 5.4 |
| 2020-12-16 | CVE-2019-14479 | OS Command Injection vulnerability in Adremsoft Netcrunch 10.6.0.4587 AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. | 8.8 |
| 2020-12-16 | CVE-2019-14478 | Cross-site Scripting vulnerability in Adremsoft Netcrunch 10.6.0.4587 AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. | 5.4 |
| 2020-12-16 | CVE-2019-14476 | Server-Side Request Forgery (SSRF) vulnerability in Adremsoft Netcrunch 10.6.0.4587 AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. | 6.5 |
| 2020-12-16 | CVE-2019-14483 | Unspecified vulnerability in Adremsoft Netcrunch AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. | 8.8 |
| 2020-12-16 | CVE-2019-14482 | Use of Hard-coded Credentials vulnerability in Adremsoft Netcrunch AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. | 9.8 |
| 2020-12-16 | CVE-2019-14480 | Incorrect Permission Assignment for Critical Resource vulnerability in Adremsoft Netcrunch AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | 9.8 |
| 2020-12-16 | CVE-2019-14477 | Insufficiently Protected Credentials vulnerability in Adremsoft Netcrunch AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted. | 5.5 |