nch 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥 and vendor risk cross-site scripting に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で ファイル上書き and vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-37441 | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | [email protected] | 8.8 | 0.50% | 2021-07-25 | 2024-11-21 |
| CVE-2021-37440 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | [email protected] | 6.5 | 0.23% | 2021-07-25 | 2024-11-21 |
| CVE-2021-37439 | NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability. | [email protected] | 6.5 | 0.38% | 2021-07-25 | 2024-11-21 |
| CVE-2021-37469 | In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. | [email protected] | 6.5 | 0.48% | 2021-07-25 | 2024-11-21 |
| CVE-2021-37468 | NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | [email protected] | 3.3 | 0.04% | 2021-07-25 | 2024-11-21 |
| CVE-2021-37452 | NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. | [email protected] | 5.5 | 0.04% | 2021-07-25 | 2024-11-21 |
| CVE-2018-11552 | There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | [email protected] | 6.1 | 2.44% | 2018-06-01 | 2024-11-21 |
| CVE-2018-11551 | AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. | [email protected] | 7.8 | 1.43% | 2018-06-01 | 2024-11-21 |
| CVE-2009-4038 | Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) onok or (2) oncancel parameter to the logon program. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 4.3 | 0.32% | 2009-11-20 | 2026-04-23 |