Vulnerabilities > Computrols

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-05-24 | CVE-2019-10848 | Information Exposure Through Discrepancy vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 allows Username Enumeration. | network, low complexity, computrols, CWE-203 | 5.0 |
| 2019-05-24 | CVE-2019-10847 | Cross-Site Request Forgery (CSRF) vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | | 6.8 |
| 2019-05-23 | CVE-2019-10850 | Use of Hard-coded Credentials vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 has Default Credentials. | network, low complexity, computrols, CWE-798 | critical 10.0 |
| 2019-05-23 | CVE-2019-10849 | Missing Authorization vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | network, low complexity, computrols, CWE-862 | 5.0 |
| 2019-05-23 | CVE-2019-10846 | Cross-site Scripting vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter. | network, computrols, CWE-79 | 4.3 |
| 2019-05-23 | CVE-2019-10855 | Inadequate Encryption Strength vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 mishandles password hashes. | network, low complexity, computrols, CWE-326 | 5.0 |
| 2019-05-23 | CVE-2019-10854 | Command Injection vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 allows Authenticated Command Injection. | network, low complexity, computrols, CWE-77 | critical 9.0 |
| 2019-05-23 | CVE-2019-10853 | Unspecified vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 allows Authentication Bypass. | network, computrols | 8.3 |
| 2019-05-23 | CVE-2019-10852 | SQL Injection vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | network, low complexity, computrols, CWE-89 | 6.5 |
| 2019-05-23 | CVE-2019-10851 | Key Management Errors vulnerability in Computrols Building Automation Software | Computrols CBAS 18.0.0 has hard-coded encryption keys. | network, low complexity, computrols, CWE-320 | 4.0 |