Sysguard 6001
Monthly
Stored cross-site scripting in SYSGUARD 6001 (versions 2.0.2 through before 6.1.4.0) by Eksagate Electronic Engineering and Computer Industry Trade Inc. permits remote unauthenticated attackers to inject persistent malicious scripts into the product's web interface, which execute in the browsers of any user who subsequently views the affected page. The vendor has confirmed the product is end-of-life and unsupported, meaning no patch will ever be issued, leaving all in-scope deployments permanently vulnerable. No public exploit code or CISA KEV listing exists at time of analysis.
Blind SQL injection in Eksagate SYSGUARD 6001 (versions 2.0.2 up to but not including 6.1.16.0) lets remote unauthenticated attackers inject crafted SQL through improperly neutralized input, enabling extraction or manipulation of backend database contents. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) rates it 9.8 Critical with full confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, but the vendor has confirmed the product is no longer supported, so no fix will be issued for affected branches.
Stored cross-site scripting in SYSGUARD 6001 (versions 2.0.2 through before 6.1.4.0) by Eksagate Electronic Engineering and Computer Industry Trade Inc. permits remote unauthenticated attackers to inject persistent malicious scripts into the product's web interface, which execute in the browsers of any user who subsequently views the affected page. The vendor has confirmed the product is end-of-life and unsupported, meaning no patch will ever be issued, leaving all in-scope deployments permanently vulnerable. No public exploit code or CISA KEV listing exists at time of analysis.
Blind SQL injection in Eksagate SYSGUARD 6001 (versions 2.0.2 up to but not including 6.1.16.0) lets remote unauthenticated attackers inject crafted SQL through improperly neutralized input, enabling extraction or manipulation of backend database contents. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) rates it 9.8 Critical with full confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, but the vendor has confirmed the product is no longer supported, so no fix will be issued for affected branches.