B. Braun Melsungen AG OnlineSuite vulnerabilities
6 known vulnerabilities affecting b_braun_melsungen_ag/onlinesuite.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 2
Vulnerabilities
CVE-2020-25172 | P2 | CRITICAL | CVSS 9.8 | CWE-23 | ≥ AP, ≤ 3.0 | 2020-11-06
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.
nvd
CVE-2025-3322 | P2 | CRITICAL | CVSS 10.0 | CWE-917 | v3.0 | 2025-06-06
An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
nvd
CVE-2025-3365 | P2 | CRITICAL | CVSS 9.8 | CWE-23 | v3.0 | 2025-06-06
A missing protection against path traversal allows access to any file on the server.
nvd
CVE-2025-3321 | P3 | CRITICAL | CVSS 9.4 | CWE-798 | v3.0 | 2025-06-06
A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server.
nvd
CVE-2020-25170 | P3 | HIGH | CVSS 7.8 | CWE-1236 | ≥ AP, ≤ 3.0 | 2020-11-06
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.
nvd
CVE-2020-25174 | P4 | HIGH | CVSS 7.8 | CWE-427 | ≥ AP, ≤ 3.0 | 2020-11-06
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.
nvd