Efstechnology Autoform Pdm Archive vulnerabilities
4 known vulnerabilities affecting efstechnology/autoform_pdm_archive.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
MEDIUM3LOW1
Vulnerabilities
Page 1 of 1
CVE-2012-3347P1MEDIUMCVSS 6.0ExploitedRansomware≤ 6.920v6.92012-06-13
CVE-2012-3347 [MEDIUM] CVE-2012-3347: AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authen
AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment mechanism, a different vulnerability than CVE-2012-1828.
nvd
CVE-2012-1828P4MEDIUMCVSS 6.5≤ 7.0v6.9202012-06-13
CVE-2012-1828 [MEDIUM] CWE-264 CVE-2012-1828: The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requiremen
The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function.
nvd
CVE-2012-1827P4MEDIUMCVSS 6.5≤ 7.0v6.9202012-06-13
CVE-2012-1827 [MEDIUM] CWE-264 CVE-2012-1827: The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which a
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request.
nvd
CVE-2012-1829P4LOWCVSS 3.5≤ 6.92012-06-13
CVE-2012-1829 [LOW] CWE-79 CVE-2012-1829: Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remot
Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
nvd