Vulnerabilities > Servicetonic

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-08	CVE-2021-28022	SQL Injection vulnerability in Servicetonic Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. network low complexity servicetonic CWE-89	7.5
2021-11-08	CVE-2021-28023	Unrestricted Upload of File with Dangerous Type vulnerability in Servicetonic Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths. network low complexity servicetonic CWE-434 critical	9.8
2021-11-08	CVE-2021-28024	Use of Insufficiently Random Values vulnerability in Servicetonic Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password. network low complexity servicetonic CWE-330 critical	9.8

Vulnerabilities > Servicetonic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Servicetonic"}]}