Vulnerabilities > Mobatek > Mobaxterm > 8.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-06 | CVE-2022-38336 | Improper Authentication vulnerability in Mobatek Mobaxterm An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. | 8.1 |
| 2022-12-06 | CVE-2022-38337 | Use of Hard-coded Credentials vulnerability in Mobatek Mobaxterm When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. | 9.1 |
| 2021-06-03 | CVE-2021-28847 | Unspecified vulnerability in Mobatek Mobaxterm MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. | 5.0 |
| 2015-11-04 | CVE-2015-7244 | Improper Access Control vulnerability in Mobatek Mobaxterm 2.2/8.2 The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. | 7.5 |