Vulnerabilities > Globalnorthstar > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-29395 Path Traversal vulnerability in Globalnorthstar Northstar Club Management 6.3
Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
network
low complexity
globalnorthstar CWE-22
7.5
2022-02-04 CVE-2021-29397 Cleartext Transmission of Sensitive Information vulnerability in Globalnorthstar Northstar Club Management 6.3
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.
network
low complexity
globalnorthstar CWE-319
7.5