Vulnerabilities > Auvesy MDT
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2021-32933 | OS Command Injection vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. | 9.8 |
| 2022-04-01 | CVE-2021-32937 | Information Exposure Through an Error Message vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. | 7.5 |
| 2022-04-01 | CVE-2021-32945 | Inadequate Encryption Strength vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. | 7.5 |
| 2022-04-01 | CVE-2021-32949 | Path Traversal vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | 7.5 |
| 2022-04-01 | CVE-2021-32953 | SQL Injection vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. | 9.8 |
| 2022-04-01 | CVE-2021-32957 | SQL Injection vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. | 7.5 |
| 2022-04-01 | CVE-2021-32961 | Unrestricted Upload of File with Dangerous Type vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. | 7.5 |