Blue
Monthly
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained. [CVSS 6.8 MEDIUM]
Explorance Blue before 8.14.13 has an authenticated remote file download vulnerability in a web service that allows downloading arbitrary files from the server.
Explorance Blue before 8.14.9 has an authenticated file upload vulnerability allowing administrators to upload executable files to the server.
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. [CVSS 8.6 HIGH]
Explorance Blue versions before 8.14.9 have a CVSS 10.0 SQL injection vulnerability enabling unauthenticated attackers to fully compromise the survey and assessment database.
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained. [CVSS 6.8 MEDIUM]
Explorance Blue before 8.14.13 has an authenticated remote file download vulnerability in a web service that allows downloading arbitrary files from the server.
Explorance Blue before 8.14.9 has an authenticated file upload vulnerability allowing administrators to upload executable files to the server.
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. [CVSS 8.6 HIGH]
Explorance Blue versions before 8.14.9 have a CVSS 10.0 SQL injection vulnerability enabling unauthenticated attackers to fully compromise the survey and assessment database.
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.