Skip to main content

Enterprise Content Management

3 CVEs product

Monthly

CVE-2023-47261 CRITICAL POC Act Now

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Enterprise Content Management
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-41391 MEDIUM POC This Month

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson XSS Enterprise Content Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41390 HIGH POC This Week

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson Code Injection Enterprise Content Management
NVD
CVSS 3.1
8.0
EPSS
1.1%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Enterprise Content Management
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson XSS Enterprise Content Management
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson Code Injection Enterprise Content Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy