Vulnerabilities > Unisoon
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-27 | CVE-2020-3936 | SQL Injection vulnerability in Unisoon Ultralog Express Firmware 1.4.0 UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. | 7.5 |
2020-03-27 | CVE-2020-3921 | Information Exposure vulnerability in Unisoon Ultralog Express Firmware 1.4.0 UltraLog Express device management software stores user’s information in cleartext. | 5.0 |
2020-03-27 | CVE-2020-3920 | Improper Authentication vulnerability in Unisoon Ultralog Express Firmware 1.4.0 UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. | 5.5 |