Vulnerabilities > Unitrends > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2020-8427 SQL Injection vulnerability in Unitrends Backup
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
network
low complexity
unitrends CWE-89
7.5
2017-04-20 CVE-2017-7282 Information Exposure vulnerability in Unitrends Enterprise Backup 7.3.0
An issue was discovered in Unitrends Enterprise Backup before 9.1.1.
network
unitrends CWE-200
7.1
2017-04-12 CVE-2017-7280 Improper Input Validation vulnerability in Unitrends Enterprise Backup 7.3.0
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0.
network
low complexity
unitrends CWE-20
7.5
2014-05-02 CVE-2014-3139 Improper Authentication vulnerability in Unitrends Enterprise Backup 7.3.0
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
network
low complexity
unitrends CWE-287
7.5