Vulnerabilities > Paxtechnology > Paxstore > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-07 | CVE-2020-36124 | XXE vulnerability in Paxtechnology Paxstore Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. | 4.0 |
2021-05-07 | CVE-2020-36125 | Improper Authentication vulnerability in Paxtechnology Paxstore Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly. | 5.5 |
2021-05-07 | CVE-2020-36126 | Authorization Bypass Through User-Controlled Key vulnerability in Paxtechnology Paxstore Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. | 5.5 |
2021-05-07 | CVE-2020-36127 | Improper Certificate Validation vulnerability in Paxtechnology Paxstore Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. | 4.0 |
2021-05-07 | CVE-2020-36128 | Authentication Bypass by Spoofing vulnerability in Paxtechnology Paxstore Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. | 6.4 |