ETQ Reliance CG vulnerabilities
4 known vulnerabilities affecting etq/reliance_cg.
Total CVEs: 4
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2025-34143 | P1 | CRITICAL | CVSS 9.3 | CWE-78 | Exploited | PoC | fixed in MP-4583 | 2025-07-22
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an
nvd
CVE-2025-34141 | P2 | MEDIUM | CVSS 5.1 | CWE-79 | Exploited | PoC | fixed in SE.2025.1 | 2025-07-22
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authent
nvd
CVE-2025-34140 | P2 | HIGH | CVSS 8.7 | CWE-639 | fixed in SE.2025.1 | 2025-07-22
An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration in API authorization logic, which has since been correc
nvd
CVE-2025-34142 | P3 | MEDIUM | CVSS 6.9 | CWE-611 | fixed in SE.2025.1 | fixed in 2025.1.2 | 2025-07-22
An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external entity references. This could enable attackers to r
nvd