Skip to main content

V2I Hub

8 CVEs product

Monthly

CVE-2018-1000631 CRITICAL Act Now

Battelle V2I Hub 3.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-1000630 HIGH This Week

Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP V2I Hub
NVD
CVSS 3.0
7.2
EPSS
1.9%
CVE-2018-1000629 MEDIUM This Month

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP V2I Hub
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1000628 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-1000627 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-1000626 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-1000625 CRITICAL Act Now

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-1000624 HIGH This Week

Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service PHP V2I Hub
NVD
CVSS 3.0
7.5
EPSS
2.2%
EPSS 2% CVSS 9.8
CRITICAL Act Now

Battelle V2I Hub 3.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi V2I Hub
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP V2I Hub
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP V2I Hub
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy