Vulnerabilities > Netsweeper > Netsweeper > 3.1.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-19 | CVE-2014-9611 | Improper Authentication vulnerability in Netsweeper Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | 7.5 |
2017-09-19 | CVE-2014-9610 | Permissions, Privileges, and Access Controls vulnerability in Netsweeper Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php. | 5.0 |
2015-09-04 | CVE-2014-9605 | Improper Authentication vulnerability in Netsweeper WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. | 9.4 |