Advantech: >> Wise-Paas/rmm Security Vulnerabilities
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
CVSS Score
9.1
EPSS Score
0.002
Published
2021-05-07
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-10-31
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
CVSS Score
7.5
EPSS Score
0.035
Published
2019-10-31
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-10-31
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-10-31