Smeup Erp vulnerabilities
4 known vulnerabilities affecting smeup/erp.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4
Vulnerabilities
Page 1 of 1
CVE-2023-26759P2HIGHCVSS 8.8vtokyo_v6r1m2204062023-02-27
CVE-2023-26759 [HIGH] CWE-78 CVE-2023-26759: Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via cal
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component.
nvd
CVE-2023-26762P3HIGHCVSS 8.8vtokyo_v6r1m2204062023-02-27
CVE-2023-26762 [HIGH] CWE-434 CVE-2023-26762: Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.
nvd
CVE-2023-26758P3HIGHCVSS 7.5vtokyo_v6r1m2204062023-02-27
CVE-2023-26758 [HIGH] CWE-22 CVE-2023-26758: Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the c
Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService.
nvd
CVE-2023-26760P3HIGHCVSS 7.5vtokyo_v6r1m2204062023-02-27
CVE-2023-26760 [HIGH] CWE-312 CVE-2023-26760: Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via t
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system.
nvd