Vulnerabilities > Dataprobe > Iboot Pdu8A N15 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-22 | CVE-2022-4945 | Unspecified vulnerability in Dataprobe products The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. | 6.5 |
| 2022-12-21 | CVE-2022-3183 | OS Command Injection vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability. | 9.8 |
| 2022-12-21 | CVE-2022-3184 | Path Traversal vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory. | 9.8 |
| 2022-12-21 | CVE-2022-3185 | Unspecified vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. | 5.3 |
| 2022-12-21 | CVE-2022-3186 | Unspecified vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. | 7.5 |
| 2022-12-21 | CVE-2022-3187 | Improper Authorization vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. | 5.3 |
| 2022-12-21 | CVE-2022-3188 | Missing Authentication for Critical Function vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users. | 5.3 |
| 2022-12-21 | CVE-2022-3189 | Server-Side Request Forgery (SSRF) vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. | 5.3 |