cvebase

Archibus Web Central vulnerabilities

5 known vulnerabilities affecting archibus/web_central.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2022-28862 | P2 | CRITICAL | CVSS 9.8 | fixed in 26.2 | 2022-05-25
CWE-89: In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions,
Source: nvd

CVE-2021-41553 | P3 | CRITICAL | CVSS 9.8 | v21.3.3.815 | 2021-10-05
CWE-384: In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the testers to modify the application logic. It is als
Source: nvd

CVE-2021-41554 | P3 | HIGH | CVSS 8.8 | v21.3.3.815 | 2021-10-05
CWE-862: ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.a
Source: nvd

CVE-2022-45165 | P3 | HIGH | CVSS 8.8 | v2022.03.01.107 | 2023-01-10
CWE-89: An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.
Source: nvd

CVE-2021-41555 | P4 | MEDIUM | CVSS 6.1 | v21.3.3.815 | 2021-10-05
CWE-79: In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML code or client-side executable code (e.g., JavaScript) i
Source: nvd