Vulnerabilities > Paxtechnology > Paxstore > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-07 CVE-2020-36124 XXE vulnerability in Paxtechnology Paxstore
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection.
network
low complexity
paxtechnology CWE-611
4.0
2021-05-07 CVE-2020-36125 Improper Authentication vulnerability in Paxtechnology Paxstore
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.
network
low complexity
paxtechnology CWE-287
5.5
2021-05-07 CVE-2020-36126 Authorization Bypass Through User-Controlled Key vulnerability in Paxtechnology Paxstore
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation.
network
low complexity
paxtechnology CWE-639
5.5
2021-05-07 CVE-2020-36127 Improper Certificate Validation vulnerability in Paxtechnology Paxstore
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability.
network
low complexity
paxtechnology CWE-295
4.0
2021-05-07 CVE-2020-36128 Authentication Bypass by Spoofing vulnerability in Paxtechnology Paxstore
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability.
network
low complexity
paxtechnology CWE-290
6.4