Skip to main content

Webreports

5 CVEs product

Monthly

CVE-2020-7573 MEDIUM PATCH This Month

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Webreports
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-7572 HIGH PATCH This Week

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service SSRF XXE Webreports
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-7571 MEDIUM PATCH This Month

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webreports
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-7570 MEDIUM PATCH This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webreports
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-7569 HIGH PATCH This Week

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Webreports
NVD
CVSS 3.1
8.8
EPSS
2.3%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Webreports
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service SSRF XXE +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webreports
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webreports
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Webreports
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy