iagona 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
Historical issues mainly involve パス処理の欠陥 and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-38257 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords. | [email protected] | 7.5 | 0.64% | 2023-07-18 | 2024-11-21 |
| CVE-2023-35763 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. | [email protected] | 5.5 | 0.21% | 2023-07-18 | 2024-11-21 |
| CVE-2023-35189 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. | [email protected] | 10.0 | 0.91% | 2023-07-18 | 2024-11-21 |
| CVE-2023-33871 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot. | [email protected] | 7.5 | 1.16% | 2023-07-18 | 2024-11-21 |