Agilepoint Nx
Monthly
AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AgilePoint NX v8.0 SU2.2 & SU2.3 - Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AgilePoint NX v8.0 SU2.2 & SU2.3 - Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AgilePoint NX v8.0 SU2.2 & SU2.3 - Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AgilePoint NX v8.0 SU2.2 & SU2.3 - Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.