cvebase

Barco Control Room Management Suite vulnerabilities

9 known vulnerabilities affecting barco/control_room_management_suite.

Total CVEs: 9
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 7

Vulnerabilities

CVE-2022-26233 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 2.9 | 2022-04-03
CWE-22: Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
Source: nvd

CVE-2022-26975 | P3 | HIGH | CVSS 7.5 | fixed in 3.14.1 | 2022-06-02
CWE-287: Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.
Source: nvd

CVE-2022-26971 | P4 | MEDIUM | CVSS 5.3 | fixed in 3.14.1 | 2022-06-02
CWE-306: Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.
Source: nvd

CVE-2022-26977 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.14.1 | 2022-06-02
CWE-79: Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to stored XSS.
Source: nvd

CVE-2022-26974 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.14.1 | 2022-06-02
CWE-79: Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
Source: nvd

CVE-2022-26976 | P4 | MEDIUM | CVSS 5.4 | fixed in 3.14.1 | 2022-06-02
CWE-79: Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
Source: nvd

CVE-2022-26972 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.14.1 | 2022-06-02
CWE-79: Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.
Source: nvd

CVE-2022-26973 | P4 | MEDIUM | CVSS 5.3 | fixed in 3.14.1 | 2022-06-02
CWE-209: Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.
Source: nvd

CVE-2022-26978 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.14.1 | 2022-06-02
CWE-79: Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS.
Source: nvd