This page aggregates publicly disclosed CVE and security risk information related to Scytl, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-25023 | An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs. | [email protected] | 6.5 | 0.29% | 2021-02-27 | 2024-11-21 |
| CVE-2019-25022 | An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. | [email protected] | 9.8 | 0.51% | 2021-02-27 | 2024-11-21 |
| CVE-2019-25021 | An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. | [email protected] | 7.5 | 0.26% | 2021-02-27 | 2024-11-21 |
| CVE-2019-25020 | An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. | [email protected] | 7.5 | 0.24% | 2021-02-27 | 2024-11-21 |