Vulnerabilities > Axway
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-26 | CVE-2019-14277 | XML Injection (aka Blind XPath Injection) vulnerability in Axway Securetransport Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. | 9.8 |
2019-04-03 | CVE-2015-5606 | Improper Input Validation vulnerability in Axway Vordel XML Gateway 7.2.2 Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request. | 5.0 |
2019-01-21 | CVE-2019-6500 | Path Traversal vulnerability in Axway File Tranfer Direct 2.7.1 In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. | 5.0 |
2014-11-04 | CVE-2013-7057 | Cross-Site Request Forgery (CSRF) vulnerability in Axway Securetransport Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/. | 6.8 |
2014-05-27 | CVE-2012-6452 | Improper Authentication vulnerability in Axway Email Firewall and Secure Messenger Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. | 5.0 |
2012-12-13 | CVE-2012-4991 | Path Traversal vulnerability in Axway Securetransport Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI. | 8.5 |