Idera: Security Vulnerabilities
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-09-14
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
CVSS Score
9.8
EPSS Score
0.026
Published
2018-08-27
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
CVSS Score
7.5
EPSS Score
0.072
Published
2017-07-20
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-07-20
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-07-20
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.005
Published
2016-06-10
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
CVSS Score
5.3
EPSS Score
0.003
Published
2015-12-31
Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.
CVSS Score
7.3
EPSS Score
0.018
Published
2015-12-31
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.
CVSS Score
5.3
EPSS Score
0.005
Published
2015-12-31