Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
Agents are able to see and link Config Items without permissions, which are defined in General Catalog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.