Aggregates CVE and security vulnerability intelligence across all meteocontrol-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2016-4504 | A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. | [email protected] | 8.8 | 0.07% | 2017-03-21 | 2026-05-13 |
| CVE-2016-2298 | Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. | [email protected] | 9.8 | 73.03% | 2016-05-14 | 2026-05-06 |
| CVE-2016-2297 | Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature." | [email protected] | 9.4 | 1.59% | 2016-05-14 | 2026-05-06 |
| CVE-2016-2296 | Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | [email protected] | 9.4 | 75.31% | 2016-05-14 | 2026-05-06 |