Aggregates CVE and security vulnerability intelligence across all unisoon-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection; exposure may include vendor impact data exposure in vendor surface software deployment and vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-3936 | UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. | [email protected] | 10.0 | 1.25% | 2020-03-27 | 2026-06-17 |
| CVE-2020-3921 | UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | [email protected] | 8.6 | 0.71% | 2020-03-27 | 2026-06-17 |
| CVE-2020-3920 | UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory. | [email protected] | 8.1 | 0.84% | 2020-03-27 | 2026-06-17 |