Vulnerabilities > Ironmansoftware

Date: 2023-11-23
CVE: CVE-2023-49213
Vulnerability title: Command Injection vulnerability in Ironmansoftware Powershell Universal
Risk: 8.8 (network, low complexity)
Tags: ironmansoftware, CWE-77
Description: The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings.

Date: 2022-11-14
CVE: CVE-2022-45183
Vulnerability title: Improper Privilege Management vulnerability in Ironmansoftware Powershell Universal
Risk: 8.8 (network, low complexity)
Tags: ironmansoftware, CWE-269
Description: Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request.

Date: 2022-11-14
CVE: CVE-2022-45184
Vulnerability title: Path Traversal vulnerability in Ironmansoftware Powershell Universal
Risk: 7.2 (network, low complexity)
Tags: ironmansoftware, CWE-22
Description: The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server.