cvebase

Vembu Bdr Suite vulnerabilities

5 known vulnerabilities affecting vembu/bdr_suite.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2

Vulnerabilities

CVE-2021-26472 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 4.2.0.1 | 2021-06-08
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.
nvd
CVE-2021-26471 | P2 | CRITICAL | CVSS 9.8 | fixed in 4.2.0.1 | 2021-06-08
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.
nvd
CVE-2021-26473 | P3 | CRITICAL | CVSS 9.8 | CWE-434 | fixed in 4.2.0.1 | 2021-06-08
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.
nvd
CVE-2021-26474 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 4.2.0 | 2021-06-08
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)
nvd
CVE-2021-43458 | P3 | HIGH | CVSS 7.8 | CWE-428 | v4.2.0.1 | 2022-04-04
An Unquoted Service Path vulnerability exists in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
nvd