Vulnerabilities > Computrols > High

DATE CVE VULNERABILITY TITLE RISK
2019-05-24 CVE-2019-10847 Cross-Site Request Forgery (CSRF) vulnerability in Computrols Building Automation Software
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
network
low complexity
computrols CWE-352
8.8
8.8
2019-05-23 CVE-2019-10849 Missing Authorization vulnerability in Computrols Building Automation Software
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
network
low complexity
computrols CWE-862
7.5
7.5
2019-05-23 CVE-2019-10855 Inadequate Encryption Strength vulnerability in Computrols Building Automation Software
Computrols CBAS 18.0.0 mishandles password hashes.
network
low complexity
computrols CWE-326
7.5
7.5
2019-05-23 CVE-2019-10854 Command Injection vulnerability in Computrols Building Automation Software
Computrols CBAS 18.0.0 allows Authenticated Command Injection.
network
low complexity
computrols CWE-77
8.8
8.8
2019-05-23 CVE-2019-10853 Unspecified vulnerability in Computrols Building Automation Software
Computrols CBAS 18.0.0 allows Authentication Bypass.
network
high complexity
computrols
8.1
8.1
2019-05-23 CVE-2019-10852 SQL Injection vulnerability in Computrols Building Automation Software
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
network
low complexity
computrols CWE-89
8.8
8.8