Sicommnet Basec vulnerabilities
3 known vulnerabilities affecting sicommnet/basec.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-22371P2CRITICALCVSS 9.3≥ 14 Dec 2021, ≤ 16 April 2025 23:00 EST2025-04-14
CVE-2025-22371 [CRITICAL] CWE-89 CVE-2025-22371: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands.This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulne
nvd
CVE-2025-22372P3CRITICALCVSS 9.3≥ 14 Dec 2021, ≤ *2025-04-14
CVE-2025-22372 [CRITICAL] CWE-522 CVE-2025-22372: Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recove
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery.
Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily.
This issue affects BASEC: from 14 Dec 2021.
nvd
CVE-2025-22373P3HIGHCVSS 8.7≥ 14 Dec 2021, ≤ *2025-04-14
CVE-2025-22373 [HIGH] CWE-79 CVE-2025-22373: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles
This issue affects BASEC: from 14 Dec 2021.
nvd