Vulnerabilities > Archibus
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-01-10 | CVE-2022-45164 | Unspecified vulnerability in Archibus Web Central 2022.03.01.107 | An issue was discovered in Archibus Web Central 2022.03.01.107. | 4.3 |
2023-01-10 | CVE-2022-45165 | SQL Injection vulnerability in Archibus Web Central 2022.03.01.107 | An issue was discovered in Archibus Web Central 2022.03.01.107. | 8.8 |
2023-01-10 | CVE-2022-45166 | Unspecified vulnerability in Archibus Web Central 2022.03.01.107 | An issue was discovered in Archibus Web Central 2022.03.01.107. | 4.3 |
2023-01-10 | CVE-2022-45167 | Unspecified vulnerability in Archibus Web Central 2022.03.01.107 | An issue was discovered in Archibus Web Central 2022.03.01.107. | 4.3 |
2022-05-25 | CVE-2022-28862 | SQL Injection vulnerability in Archibus Web Central 21.3.3.815 | In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. | 9.8 |
2021-10-05 | CVE-2021-41553 | Session Fixation vulnerability in Archibus Web Central 21.3.3.815 | In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could be already in use by another user. | 9.8 |
2021-10-05 | CVE-2021-41554 | Missing Authorization vulnerability in Archibus Web Central 21.3.3.815 | ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. | 8.8 |
2021-10-05 | CVE-2021-41555 | Cross-site Scripting vulnerability in Archibus Web Central 21.3.3.815 | In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. | 6.1 |