Shodan
Vulnerabilities
Vulnerable Software
Plextrac:  >> Plextrac  Security Vulnerabilities
CVE-2024-12687
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-16
CVE-2024-11838
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-13
CVE-2024-11839
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-12-13
CVE-2024-11833
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
9.1
EPSS Score
0.004
Published
2024-12-13
CVE-2024-11834
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
9.1
EPSS Score
0.004
Published
2024-12-13
CVE-2024-11835
Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-12-13
CVE-2024-11836
Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-12-13
CVE-2024-11837
Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac  allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-12-13
CVE-2022-37144
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user.
CVSS Score
8.8
EPSS Score
0.007
Published
2022-09-08
CVE-2022-37145
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.
CVSS Score
7.5
EPSS Score
0.009
Published
2022-09-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved