Vince
Monthly
VINCE versions 3.0.38 and earlier fail to properly verify sender address authenticity due to encoding confusion, allowing unauthenticated remote attackers to forge email From addresses and trigger automated actions such as ticket creation or updates. The vulnerability combines information disclosure with integrity impact, affecting the reliability of ticket management workflows that depend on sender validation.
VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
VINCE versions 3.0.38 and earlier fail to properly verify sender address authenticity due to encoding confusion, allowing unauthenticated remote attackers to forge email From addresses and trigger automated actions such as ticket creation or updates. The vulnerability combines information disclosure with integrity impact, affecting the reliability of ticket management workflows that depend on sender validation.
VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.