Vulnerabilities > Ocsinventory NG > Ocsinventory NG > 2.4.1

DATE CVE VULNERABILITY TITLE RISK
2018-08-04 CVE-2018-14473 XXE vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities.
network
low complexity
ocsinventory-ng CWE-611
6.4
6.4
2018-08-04 CVE-2018-12483 OS Command Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability.
network
low complexity
ocsinventory-ng CWE-78
critical
 9.0
9.0
2018-08-04 CVE-2018-12482 SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine.
network
low complexity
ocsinventory-ng CWE-89
6.5
6.5