Security Vulnerabilities
- CVEs Published In June 2023
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.
The Danfoss AK-EM100 login web forms allow for SQL injection.
The Danfoss AK-EM100 stores login credentials in cleartext.
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.
The web report generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.