Psi Probe
Monthly
Server-side request forgery in PSI Probe up to version 5.3.0 allows authenticated attackers to conduct arbitrary network requests through the Whois lookup function. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The flaw requires valid credentials but can be exploited remotely with minimal complexity.
Psi Probe versions up to 5.3.0 contain a denial of service vulnerability in the session expiration handler that allows authenticated remote attackers to crash the application through request manipulation. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The vulnerability affects Java-based deployments of Psi Probe used for Tomcat monitoring.
Improper access controls in PSI Probe up to version 5.3.0 allow authenticated remote attackers to manipulate session attributes through the RemoveSessAttributeController, enabling unauthorized modifications to application state. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Server-side request forgery in PSI Probe up to version 5.3.0 allows authenticated attackers to conduct arbitrary network requests through the Whois lookup function. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The flaw requires valid credentials but can be exploited remotely with minimal complexity.
Psi Probe versions up to 5.3.0 contain a denial of service vulnerability in the session expiration handler that allows authenticated remote attackers to crash the application through request manipulation. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The vulnerability affects Java-based deployments of Psi Probe used for Tomcat monitoring.
Improper access controls in PSI Probe up to version 5.3.0 allow authenticated remote attackers to manipulate session attributes through the RemoveSessAttributeController, enabling unauthorized modifications to application state. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.