Vulnerabilities > Dataprobe > Iboot Pdu4Sa C10 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-3264 | Use of Hard-coded Credentials vulnerability in multiple products The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. | 9.8 |
| 2023-08-14 | CVE-2023-3259 | Deserialization of Untrusted Data vulnerability in Dataprobe products The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. | 9.8 |
| 2023-05-22 | CVE-2022-46738 | Unspecified vulnerability in Dataprobe products The affected product exposes multiple sensitive data fields of the affected product. | 9.8 |
| 2023-05-22 | CVE-2022-46658 | Unspecified vulnerability in Dataprobe products The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution. | 9.8 |