itarian 漏洞與 CVE 列表(3)

產品(CPE): — CVE 數: 3

itarian 漏洞概覽

彙總 itarian 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 跨站腳本 等安全問題,並影響 歸檔處理、檔案處理與自動化解壓 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 133 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2022-25153 The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. [email protected] 7.8 0.34% 2022-06-09 2026-06-17
CVE-2022-25152 The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and ful [email protected] 9.9 1.66% 2022-06-09 2026-06-17
CVE-2022-25151 Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user. [email protected] 7.5 0.76% 2022-06-09 2026-06-17
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence