Aggregates CVE and security vulnerability intelligence across all Iagona-related products, including CVSS scores, EPSS percentages, and publication dates.
Historical issues mainly involve path handling and related security problems, affecting software deployments and production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-38257 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords. | [email protected] | 7.5 | 0.26% | 2023-07-18 | 2024-11-21 |
| CVE-2023-35763 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. | [email protected] | 5.5 | 0.06% | 2023-07-18 | 2024-11-21 |
| CVE-2023-35189 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. | [email protected] | 10.0 | 0.52% | 2023-07-18 | 2024-11-21 |
| CVE-2023-33871 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot. | [email protected] | 7.5 | 0.71% | 2023-07-18 | 2024-11-21 |