Skip to main content

Cnmaestro

7 CVEs product

Monthly

CVE-2022-1362 HIGH This Week

The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cnmaestro
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2022-1361 HIGH This Week

The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cnmaestro
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1360 CRITICAL Act Now

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cnmaestro
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-1359 HIGH This Week

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Path Traversal Cnmaestro
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1358 HIGH This Week

The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cnmaestro
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-1357 CRITICAL Act Now

The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cnmaestro
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-1356 HIGH This Week

cnMaestro is vulnerable to a local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Cnmaestro
NVD
CVSS 3.1
7.8
EPSS
0.3%
EPSS 1% CVSS 7.3
HIGH This Week

The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cnmaestro
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cnmaestro
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cnmaestro
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Path Traversal Cnmaestro
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cnmaestro
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cnmaestro
NVD
EPSS 0% CVSS 7.8
HIGH This Week

cnMaestro is vulnerable to a local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Cnmaestro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy