Vulnerabilities > Idera
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-14 | CVE-2020-19587 | Cross-site Scripting vulnerability in Idera Yellowfin Business Intelligence 7.3 Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI. | 5.4 |
| 2018-08-27 | CVE-2015-9263 | Unrestricted Upload of File with Dangerous Type vulnerability in Idera Uptime Infrastructure Monitor 7.4.0/7.5.0 An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). | 9.8 |
| 2017-07-20 | CVE-2017-11471 | SQL Injection vulnerability in Idera Uptime Infrastructure Monitor 7.8 IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. | 9.8 |
| 2017-07-20 | CVE-2017-11470 | SQL Injection vulnerability in Idera Uptime Infrastructure Monitor 7.8 IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | 9.8 |
| 2017-07-20 | CVE-2017-11469 | Path Traversal vulnerability in Idera Uptime Infrastructure Monitor 7.8 get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | 7.5 |
| 2016-06-10 | CVE-2015-8268 | Information Exposure vulnerability in Idera Uptime Infrastructure Monitor 7.5/7.6 The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2015-12-31 | CVE-2015-2896 | Information Exposure vulnerability in Idera Uptime Infrastructure Monitor The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | 5.3 |
| 2015-12-31 | CVE-2015-2895 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Idera Uptime Infrastructure Monitor 7.4 Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input. | 7.3 |
| 2015-12-31 | CVE-2015-2894 | Use of Externally-Controlled Format String vulnerability in Idera Uptime Infrastructure Monitor 6.0/7.2 Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. | 5.3 |