Vulnerabilities > Battelle > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-28 | CVE-2018-1000631 | SQL Injection vulnerability in Battelle V2I HUB 3.0 Battelle V2I Hub 3.0 is vulnerable to SQL injection. | 9.8 |
| 2018-12-28 | CVE-2018-1000628 | Unspecified vulnerability in Battelle V2I HUB 2.5.1 Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. | 9.8 |
| 2018-12-28 | CVE-2018-1000627 | Insufficiently Protected Credentials vulnerability in Battelle V2I HUB 2.5.1 Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. | 9.8 |
| 2018-12-28 | CVE-2018-1000626 | Unspecified vulnerability in Battelle V2I HUB 2.5.1 Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. | 9.8 |
| 2018-12-28 | CVE-2018-1000625 | Use of Hard-coded Credentials vulnerability in Battelle V2I HUB 2.5.1 Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. | 9.8 |