Vulnerabilities > Ericssonlg
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-25 | CVE-2020-7824 | Incorrect Default Permissions vulnerability in Ericssonlg Ipecs A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. | 6.5 |
| 2018-08-15 | CVE-2018-15138 | Path Traversal vulnerability in Ericssonlg Ipecs NMS 30M2.3Gn/30Mb.2Ia Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | 7.5 |
| 2018-04-22 | CVE-2018-9245 | SQL Injection vulnerability in Ericssonlg Ipecs NMS A.1Ac The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. | 9.8 |
| 2018-04-22 | CVE-2018-10286 | Insufficiently Protected Credentials vulnerability in Ericssonlg Ipecs NMS A.1Ac The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. | 8.8 |
| 2018-04-22 | CVE-2018-10285 | Incorrect Permission Assignment for Critical Resource vulnerability in Ericssonlg Ipecs NMS A.1Ac The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. | 9.8 |