Vulnerabilities > Articatech > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-25 | CVE-2021-40680 | Path Traversal vulnerability in Articatech web Proxy 4.30.000000 There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | 8.1 |
| 2020-08-12 | CVE-2020-17505 | OS Command Injection vulnerability in Articatech web Proxy 4.30.000000 Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. | 8.8 |
| 2020-07-20 | CVE-2020-15052 | SQL Injection vulnerability in Articatech Artica Proxy An issue was discovered in Artica Proxy CE before 4.28.030.418. | 7.5 |
| 2020-06-22 | CVE-2020-13158 | Path Traversal vulnerability in Articatech Artica Proxy 4.28.030.418/4.28.030418 Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | 7.5 |
| 2020-03-22 | CVE-2020-10818 | OS Command Injection vulnerability in Articatech Artica Proxy 4.26 Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. | 7.2 |
| 2019-02-01 | CVE-2019-7300 | Insufficiently Protected Credentials vulnerability in Articatech Artica Proxy 3.06.200056 Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | 7.2 |