Shodan
Vulnerabilities
Vulnerable Software
Nasa:  Security Vulnerabilities
CVE-2024-35061
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
CVSS Score
7.3
EPSS Score
0.014
Published
2024-05-21
CVE-2024-35056
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-21
CVE-2024-35057
An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-05-21
CVE-2024-35058
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-05-21
CVE-2023-45884
Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-09
CVE-2023-45885
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-09
CVE-2023-45282
In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-06
CVE-2022-22126
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-20
CVE-2022-23053
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-20
CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved