Plextrac
Monthly
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.61.3 before 2.8.1. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.61.3 before 2.8.1. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.