Abb Aspect-Enterprise vulnerabilities

58 known vulnerabilities affecting abb/aspect-enterprise.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL15HIGH32MEDIUM11

Vulnerabilities

Page 3 of 3

CVE-2024-51545CRITICALCVSS 9.3≤ 3.08.022024-12-05

CVE-2024-51545 [CRITICAL] CWE-522 CVE-2024-51545: Username Enumeration vulnerabilities allow access to application level username add, delete, modify Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-11317CRITICALCVSS 9.3PoC≤ 3.08.022024-12-05

CVE-2024-11317 [CRITICAL] CWE-384 CVE-2024-11317: Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login pr Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-11316HIGHCVSS 8.7≤ 3.08.022024-12-05

CVE-2024-11316 [HIGH] CWE-770 CVE-2024-11316: Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the produ Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-48843HIGHCVSS 7.6≤ 3.08.022024-12-05

CVE-2024-48843 [HIGH] CWE-770 CVE-2024-48843: Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-51546HIGHCVSS 8.7PoC≤ 3.08.022024-12-05

CVE-2024-51546 [HIGH] CWE-1287 CVE-2024-51546: Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected p Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-51541HIGHCVSS 8.8≤ 3.08.022024-12-05

CVE-2024-51541 [HIGH] CWE-98 CVE-2024-51541: Local File Inclusion vulnerabilities allow access to sensitive system information. Affected product Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-51544HIGHCVSS 8.8≤ 3.08.022024-12-05

CVE-2024-51544 [HIGH] CWE-15 CVE-2024-51544: Service Control vulnerabilities allow access to service restart requests and vm configuration settin Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-48844HIGHCVSS 7.2PoC≤ 3.08.022024-12-05

CVE-2024-48844 [HIGH] CWE-770 CVE-2024-48844: Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-51543HIGHCVSS 8.8≤ 3.08.022024-12-05

CVE-2024-51543 [HIGH] CWE-15 CVE-2024-51543: Information Disclosure vulnerabilities allow access to application configuration information. Affec Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-48846HIGHCVSS 7.1PoC≤ 3.08.022024-12-05

CVE-2024-48846 [HIGH] CWE-352 CVE-2024-48846: Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-51542HIGHCVSS 8.8≤ 3.08.022024-12-05

CVE-2024-51542 [HIGH] CWE-552 CVE-2024-51542: Configuration Download vulnerabilities allow access to dependency configuration information. Affect Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-48847HIGHCVSS 8.8≤ 3.08.012024-12-05

CVE-2024-48847 [HIGH] CWE-328 CVE-2024-48847: MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application depe MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01

nvd

CVE-2024-51554HIGHCVSS 8.8≤ 3.08.022024-12-05

CVE-2024-51554 [HIGH] CWE-193 CVE-2024-51554: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly av Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-6515HIGHCVSS 8.7≤ 3.08.022024-12-05

CVE-2024-6515 [HIGH] CWE-319 CVE-2024-6515: Web browser interface may manipulate application username/password in clear text or Base64 encoding Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-6784HIGHCVSS 8.7≤ 3.08.022024-12-05

CVE-2024-6784 [HIGH] CWE-918 CVE-2024-6784: Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthori Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-51548HIGHCVSS 8.7≤ 3.08.022024-12-05

CVE-2024-51548 [HIGH] CWE-434 CVE-2024-51548: Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB A Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

nvd

CVE-2024-6298CRITICALCVSS 9.4PoC≤ 3.08.012024-07-05

CVE-2024-6298 [CRITICAL] CWE-1287 CVE-2024-6298: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

nvd

CVE-2024-6209CRITICALCVSS 9.4PoC≤ 3.08.012024-07-05

CVE-2024-6209 [CRITICAL] CWE-552 CVE-2024-6209: Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized

nvd

← Previous3 / 3