Aggregates CVE and security vulnerability intelligence across all deltek-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk path handling, with potential vendor impact file overwrite and vendor impact data exposure across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-12314 | Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. | [email protected] | 9.8 | 90.41% | 2019-05-24 | 2024-11-21 |
| CVE-2018-18251 | Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls can be manipulated by one of several means to execute arbitrary SQL statements (similar to SQLi) or possibly have unspecified other impact via this custom protocol. To perform these attacks an authentica | [email protected] | 9.8 | 0.79% | 2019-04-24 | 2024-11-21 |
| CVE-2018-20221 | Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application. | [email protected] | 8.8 | 4.56% | 2019-03-21 | 2024-11-21 |