cvebase

Easyvirt Co2Scope vulnerabilities

6 known vulnerabilities affecting easyvirt/co2scope.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2024-55062 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.3.0 | 2025-01-31
CWE-77: Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code via /api/license/sendlicense/.
Source: NVD

CVE-2024-57587 | P2 | CRITICAL | CVSS 9.1 | ≤ 1.3.0 | 2025-01-31
CWE-89: Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login.
Source: NVD

CVE-2024-53355 | P3 | HIGH | CVSS 8.8 | ≤ 1.3.0 | 2025-01-31
CWE-281: Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/updatealias route; (3) delete users via the /api/user/delalias route; (4) get users via the /api/user/ali
Source: NVD

CVE-2024-53356 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.3.0 | 2025-01-31
CWE-798: Weak JWT Secret vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWT
Source: NVD

CVE-2024-53357 | P3 | HIGH | CVSS 7.5 | ≤ 1.3.0 | 2025-01-31
CWE-798: Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/updatealias route; (3) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliase
Source: NVD

CVE-2024-53354 | P3 | MEDIUM | CVSS 6.5 | ≤ 1.3.0 | 2025-01-31
CWE-89: Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter parameter to /api/audit/findmetawatcher; the (4) user parameter to /api/audit/findmetaalert; the (5)
Source: NVD