本ページは computrols computrols_building_automation_software に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-10848 | Computrols CBAS 18.0.0 allows Username Enumeration. | [email protected] | 5.3 | 8.49% | 2019-05-24 | 2026-06-16 |
| CVE-2019-10847 | Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | [email protected] | 8.8 | 2.42% | 2019-05-24 | 2026-06-16 |
| CVE-2019-10850 | Computrols CBAS 18.0.0 has Default Credentials. | [email protected] | 9.8 | 1.95% | 2019-05-23 | 2026-06-16 |
| CVE-2019-10849 | Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | [email protected] | 7.5 | 9.01% | 2019-05-23 | 2026-06-16 |
| CVE-2019-10855 | Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database. | [email protected] | 7.5 | 1.00% | 2019-05-23 | 2026-06-16 |
| CVE-2019-10854 | Computrols CBAS 18.0.0 allows Authenticated Command Injection. | [email protected] | 8.8 | 2.99% | 2019-05-23 | 2026-06-16 |
| CVE-2019-10853 | Computrols CBAS 18.0.0 allows Authentication Bypass. | [email protected] | 8.1 | 1.66% | 2019-05-23 | 2026-06-16 |
| CVE-2019-10852 | Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | [email protected] | 8.8 | 1.75% | 2019-05-23 | 2026-06-16 |
| CVE-2019-10851 | Computrols CBAS 18.0.0 has hard-coded encryption keys. | [email protected] | 6.5 | 0.67% | 2019-05-23 | 2026-06-16 |