彙總 computrols 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與CSRF 等問題,部分漏洞可能導致 資料外洩,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2019-10848 | Computrols CBAS 18.0.0 allows Username Enumeration. | [email protected] | 5.3 | 4.96% | 2019-05-24 | 2024-11-21 |
| CVE-2019-10847 | Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | [email protected] | 8.8 | 0.44% | 2019-05-24 | 2024-11-21 |
| CVE-2019-10850 | Computrols CBAS 18.0.0 has Default Credentials. | [email protected] | 9.8 | 0.39% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10849 | Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | [email protected] | 7.5 | 11.54% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10846 | Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter. | [email protected] | 6.1 | 2.24% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10855 | Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database. | [email protected] | 7.5 | 0.15% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10854 | Computrols CBAS 18.0.0 allows Authenticated Command Injection. | [email protected] | 8.8 | 16.13% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10853 | Computrols CBAS 18.0.0 allows Authentication Bypass. | [email protected] | 8.1 | 0.43% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10852 | Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | [email protected] | 8.8 | 0.12% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10851 | Computrols CBAS 18.0.0 has hard-coded encryption keys. | [email protected] | 6.5 | 0.12% | 2019-05-23 | 2024-11-21 |