Vulnerabilities > GE > Intelligent Platforms Proficy Real Time Information Portal

DATE CVE VULNERABILITY TITLE RISK
2013-01-27 CVE-2013-0652 Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.
network
low complexity
ge CWE-264
5.0
2013-01-27 CVE-2013-0651 Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request.
network
low complexity
ge CWE-264
5.0
2012-11-01 CVE-2012-3026 Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021.
network
low complexity
ge CWE-20
critical
10.0
2012-11-01 CVE-2012-3021 Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026.
network
low complexity
ge CWE-20
critical
10.0
2012-11-01 CVE-2012-3010 Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026.
network
low complexity
ge CWE-20
critical
10.0
2012-03-15 CVE-2012-0232 Path Traversal vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5
Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.
network
low complexity
ge CWE-22
6.4