Vsecurity: >> Tandberg Video Communication Server >> x4.2.1 Security Vulnerabilities
The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets.
CVSS Score
8.5
EPSS Score
0.006
Published
2010-04-13
Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php.
CVSS Score
4.0
EPSS Score
0.017
Published
2010-04-13
Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316.
CVSS Score
4.3
EPSS Score
0.002
Published
2010-04-13
Unspecified vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to execute arbitrary code via unknown vectors, aka Reference ID 69773.
CVSS Score
10.0
EPSS Score
0.03
Published
2010-04-13