Aggregates CVE and security vulnerability intelligence across all dorsettcontrols-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling; exposure may include vendor impact file overwrite in vendor surface software deployment and vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-42493 | Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login. | [email protected] | 6.9 | 0.52% | 2024-08-08 | 2024-08-29 |
| CVE-2024-42408 | The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. | [email protected] | 6.9 | 0.59% | 2024-08-08 | 2024-08-29 |
| CVE-2024-39287 | Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys. | [email protected] | 6.9 | 0.54% | 2024-08-08 | 2024-08-29 |