cbcvebase.

Advantech Wise-Paas Rmm vulnerabilities

5 known vulnerabilities affecting advantech/wise-paas_rmm.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2019-13551P2CRITICALCVSS 9.8≤ 3.3.292019-10-31
CVE-2019-13551 [CRITICAL] CWE-22 CVE-2019-13551: Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a l Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
nvd
CVE-2019-13547P3CRITICALCVSS 9.8≤ 3.3.292019-10-31
CVE-2019-13547 [CRITICAL] CWE-862 CVE-2019-13547: Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyon Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
nvd
CVE-2021-27437P3CRITICALCVSS 9.1fixed in 9.0.12021-05-07
CVE-2021-27437 [CRITICAL] CWE-798 CVE-2021-27437: The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
nvd
CVE-2019-18227P3HIGHCVSS 7.5≤ 3.3.292019-10-31
CVE-2019-18227 [HIGH] CWE-611 CVE-2019-18227: Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclos Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
nvd
CVE-2019-18229P3MEDIUMCVSS 6.5≤ 3.3.292019-10-31
CVE-2019-18229 [MEDIUM] CWE-89 CVE-2019-18229: Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input caus Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
nvd
Advantech Wise-Paas Rmm vulnerabilities | cvebase