Vulnerabilities > Archibus > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-28862 SQL Injection vulnerability in Archibus web Central 21.3.3.815
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr.
network
low complexity
archibus CWE-89
critical
 9.8
9.8
2021-10-05 CVE-2021-41553 Session Fixation vulnerability in Archibus web Central 21.3.3.815
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user.
network
low complexity
archibus CWE-384
critical
 9.8
9.8