Vulnerabilities > AVE

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-28	CVE-2020-21994	Insufficiently Protected Credentials vulnerability in AVE products AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. network low complexity ave CWE-522 critical	9.8
2021-04-28	CVE-2020-21996	Missing Authentication for Critical Function vulnerability in AVE products AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. network low complexity ave CWE-306	7.5
2021-04-28	CVE-2020-21991	Improper Authentication vulnerability in AVE products AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. network low complexity ave CWE-287	7.5

Vulnerabilities > AVE {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"AVE"}]}