Vulnerabilities > Vembu > BDR Suite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2021-43458 | Unquoted Search Path or Element vulnerability in Vembu BDR Suite 4.2.0.1 An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. | 7.2 |
| 2021-06-08 | CVE-2021-26471 | Unspecified vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. | 7.5 |
| 2021-06-08 | CVE-2021-26472 | OS Command Injection vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. | 10.0 |
| 2021-06-08 | CVE-2021-26473 | Unrestricted Upload of File with Dangerous Type vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. | 7.5 |
| 2021-06-08 | CVE-2021-26474 | Cross-Site Request Forgery (CSRF) vulnerability in Vembu BDR Suite and Offsite DR Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.) | 6.8 |