Ave Dominaplus vulnerabilities
3 known vulnerabilities affecting ave/dominaplus.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-21991P2CRITICALCVSS 9.8≥ 1.10.11, ≤ 1.10.772021-04-28
CVE-2020-21991 [CRITICAL] CWE-287 CVE-2020-21991: AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control c
AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface wit
nvd
CVE-2020-21994P2CRITICALCVSS 9.8≥ 1.10.11, ≤ 1.10.772021-04-28
CVE-2020-21994 [CRITICAL] CWE-522 CVE-2020-21994: AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
nvd
CVE-2020-21996P3HIGHCVSS 7.5≥ 1.8.4, ≤ 1.10.772021-04-28
CVE-2020-21996 [HIGH] CWE-306 CVE-2020-21996: AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can expl
AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
nvd