cbcvebase.

Visualware Myconnection Server vulnerabilities

8 known vulnerabilities affecting visualware/myconnection_server.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-27198P2CRITICALCVSS 9.8fixed in 11.1a2021-02-26
CVE-2021-27198 [CRITICAL] CWE-434 CVE-2021-27198: An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one
nvd
CVE-2023-42033P3HIGHCVSS 7.2v11.3c2024-05-03
CVE-2023-42033 [HIGH] CWE-22 CVE-2023-42033: Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerabi Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Visualware MyConnection Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypass
nvd
CVE-2023-42034P3HIGHCVSS 8.8v11.3c2024-05-03
CVE-2023-42034 [HIGH] CWE-79 CVE-2023-42034: Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulner Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the doRTAAccess
nvd
CVE-2023-42032P3HIGHCVSS 7.5v11.3c2024-05-03
CVE-2023-42032 [HIGH] CWE-749 CVE-2023-42032: Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vuln Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doRTA
nvd
CVE-2021-27509P3HIGHCVSS 7.5≤ 11.0bv11.0b2021-02-19
CVE-2021-27509 [HIGH] CWE-863 CVE-2021-27509: In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated w In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.
nvd
CVE-2023-42035P3MEDIUMCVSS 6.5v11.3c2024-05-03
CVE-2023-42035 [MEDIUM] CWE-611 CVE-2023-42035: Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vuln Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doI
nvd
CVE-2014-5113P4MEDIUMCVSS 4.3v9.7i2014-07-28
CVE-2014-5113 [MEDIUM] CWE-79 CVE-2014-5113: Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9. Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter.
nvd
CVE-2015-2043P4MEDIUMCVSS 4.3v8.2b2015-02-25
CVE-2015-2043 [MEDIUM] CWE-79 CVE-2015-2043: Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow rem Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem.
nvd
Visualware Myconnection Server vulnerabilities | cvebase