Vulnerabilities > Adremsoft

DATE CVE VULNERABILITY TITLE RISK
2020-12-16 CVE-2019-14481 Cross-Site Request Forgery (CSRF) vulnerability in Adremsoft Netcrunch 10.6.0.4587
AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client.
network
adremsoft CWE-352
5.8
2020-12-16 CVE-2019-14479 Incorrect Permission Assignment for Critical Resource vulnerability in Adremsoft Netcrunch 10.6.0.4587
AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution.
network
low complexity
adremsoft CWE-732
critical
9.0
2020-12-16 CVE-2019-14478 Cross-site Scripting vulnerability in Adremsoft Netcrunch 10.6.0.4587
AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client.
network
adremsoft CWE-79
3.5
2020-12-16 CVE-2019-14476 Server-Side Request Forgery (SSRF) vulnerability in Adremsoft Netcrunch 10.6.0.4587
AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server.
network
low complexity
adremsoft CWE-918
4.0
2020-12-16 CVE-2019-14483 Insufficiently Protected Credentials vulnerability in Adremsoft Netcrunch
AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure.
network
low complexity
adremsoft CWE-522
critical
9.0
2020-12-16 CVE-2019-14482 Use of Hard-coded Credentials vulnerability in Adremsoft Netcrunch 10.6.0.4587
AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client.
network
low complexity
adremsoft CWE-798
critical
10.0
2020-12-16 CVE-2019-14480 Improper Authentication vulnerability in Adremsoft Netcrunch
AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges.
network
low complexity
adremsoft CWE-287
7.5
2020-12-16 CVE-2019-14477 Insufficiently Protected Credentials vulnerability in Adremsoft Netcrunch 10.6.0.4587/11.0.0.5282
AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted.
local
low complexity
adremsoft CWE-522
2.1