彙總 visualware 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 跨站腳本、XXE與路徑處理缺陷,在 軟體部署與生產負載 使用場景中可能帶來 工作階段劫持與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-42035 | Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doIForward method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to | [email protected] | 6.5 | 0.33% | 2024-05-03 | 2025-08-08 |
| CVE-2023-42034 | Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the doRTAAccessCTConfig method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary scrip | [email protected] | 8.8 | 0.37% | 2024-05-03 | 2025-08-08 |
| CVE-2023-42033 | Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Visualware MyConnection Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the doPostUploadfiles method. The issue results from the lack of proper validation of a user-supplied path pr | [email protected] | 7.2 | 1.61% | 2024-05-03 | 2025-08-08 |
| CVE-2023-42032 | Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doRTAAccessUPass method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose information in the | [email protected] | 7.5 | 0.61% | 2024-05-03 | 2025-08-08 |
| CVE-2021-27198 | An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. | [email protected] | 9.8 | 14.15% | 2021-02-26 | 2024-11-21 |
| CVE-2021-27509 | In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | [email protected] | 7.5 | 0.28% | 2021-02-19 | 2024-11-21 |
| CVE-2015-2043 | Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem. | [email protected] | 4.3 | 0.32% | 2015-02-25 | 2026-05-06 |
| CVE-2014-5113 | Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter. | [email protected] | 4.3 | 0.33% | 2014-07-28 | 2026-05-06 |