Axway Securetransport vulnerabilities
3 known vulnerabilities affecting axway/securetransport.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2012-4991P3HIGHCVSS 8.5PoC≤ 5.12012-12-13
CVE-2012-4991 [HIGH] CWE-22 CVE-2012-4991: Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remo
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
nvd
CVE-2019-14277P2CRITICALCVSS 9.8v5.2.1v5.3.0+3 more2019-07-26
CVE-2019-14277 [CRITICAL] CWE-91 CVE-2019-14277: Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnera
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: Th
nvd
CVE-2013-7057P3MEDIUMCVSS 6.8PoC≤ 5.12014-11-04
CVE-2013-7057 [MEDIUM] CWE-352 CVE-2013-7057: Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.
nvd