appspace 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk csrf, and vendor risk ssrf に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-27704 | Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page. | [email protected] | 6.5 | 0.16% | 2024-11-12 | 2025-06-27 |
| CVE-2021-27990 | Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. | [email protected] | 7.5 | 0.56% | 2021-04-14 | 2024-11-21 |
| CVE-2021-27989 | Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. | [email protected] | 5.4 | 0.18% | 2021-04-14 | 2024-11-21 |
| CVE-2021-27670 | Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. | [email protected] | 9.8 | 92.84% | 2021-02-25 | 2024-11-21 |
| CVE-2021-27564 | A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes. | [email protected] | 5.4 | 0.42% | 2021-02-22 | 2024-11-21 |
| CVE-2020-5393 | In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS. | [email protected] | 6.1 | 0.30% | 2020-01-07 | 2024-11-21 |