Vulnerabilities > Battelle
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-12-28 | CVE-2018-1000631 | SQL Injection vulnerability in Battelle V2I HUB 3.0 | Battelle V2I Hub 3.0 is vulnerable to SQL injection. | 9.8 |
2018-12-28 | CVE-2018-1000630 | SQL Injection vulnerability in Battelle V2I HUB 2.5.1 | Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. | 7.2 |
2018-12-28 | CVE-2018-1000629 | Cross-site Scripting vulnerability in Battelle V2I HUB 2.5.1 | Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. | 6.1 |
2018-12-28 | CVE-2018-1000628 | Unspecified vulnerability in Battelle V2I HUB 2.5.1 | Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. | 9.8 |
2018-12-28 | CVE-2018-1000627 | Insufficiently Protected Credentials vulnerability in Battelle V2I HUB 2.5.1 | Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. | 9.8 |
2018-12-28 | CVE-2018-1000626 | Unspecified vulnerability in Battelle V2I HUB 2.5.1 | Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. | 9.8 |
2018-12-28 | CVE-2018-1000625 | Use of Hard-coded Credentials vulnerability in Battelle V2I HUB 2.5.1 | Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. | 9.8 |
2018-12-28 | CVE-2018-1000624 | Improper Privilege Management vulnerability in Battelle V2I HUB 2.5.1 | Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. | 7.5 |