Areal-Topkapi: Security Vulnerabilities
An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-22
A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-01-31
SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-01-31