cvebase

Eibiz Co Ltd I-Media Server Digital Signage vulnerabilities

4 known vulnerabilities affecting eibiz_co_ltd/i-media_server_digital_signage.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3

Vulnerabilities

CVE-2020-36892 | P2 | CRITICAL | CVSS 9.8 | ≤ 3.8.0 | 2025-12-10
CWE-306: Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.
Source: nvd

CVE-2020-36894 | P3 | HIGH | CVSS 7.5 | ≤ 3.8.0 | 2025-12-10
CWE-306: Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security contro
Source: nvd

CVE-2020-36893 | P3 | HIGH | CVSS 7.5 | ≤ 3.8.0 | 2025-12-10
CWE-22: Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system files such as win.ini.
Source: nvd

CVE-2020-36895 | P3 | HIGH | CVSS 7.5 | ≤ 3.8.0 | 2025-12-10
CWE-639: EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection detai
Source: nvd