Vulnerabilities > Artica > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-30 | CVE-2021-34075 | Insufficiently Protected Credentials vulnerability in Artica Pandora FMS In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | 5.9 |
| 2021-05-07 | CVE-2021-32100 | Unspecified vulnerability in Artica Pandora FMS 742 A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user. | 6.5 |
| 2020-03-23 | CVE-2020-8497 | Missing Authentication for Critical Function vulnerability in Artica Pandora FMS In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. | 5.3 |
| 2020-01-30 | CVE-2019-20050 | OS Command Injection vulnerability in Artica Pandora FMS 7.42 Pandora FMS = 7.42 suffers from a remote code execution vulnerability. | 6.8 |
| 2018-12-18 | CVE-2018-19829 | Cross-Site Request Forgery (CSRF) vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | 6.5 |
| 2018-12-17 | CVE-2018-19828 | Cross-site Scripting vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has XSS via the search_string parameter. | 6.1 |
| 2017-10-27 | CVE-2017-15937 | Information Exposure vulnerability in Artica Pandora FMS 7.0 Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. | 6.5 |
| 2017-10-27 | CVE-2017-15936 | Cross-site Scripting vulnerability in Artica Pandora FMS 7.0 In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. | 5.4 |
| 2017-10-27 | CVE-2017-15934 | Cross-site Scripting vulnerability in Artica Pandora FMS 7.0 Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | 5.4 |