) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:advantech:iview:5.7.02:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-2143 |
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Published: July 22, 2022; 11:15:08 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2022-2142 |
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Published: July 22, 2022; 11:15:08 AM -0400 |
V3.1: 5.9 MEDIUM V2.0:(not available) |
| CVE-2022-2139 |
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Published: July 22, 2022; 11:15:08 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2022-2138 |
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Published: July 22, 2022; 11:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-2137 |
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information Published: July 22, 2022; 11:15:08 AM -0400 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
| CVE-2022-2136 |
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Published: July 22, 2022; 11:15:08 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2022-2135 |
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Published: July 22, 2022; 11:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2021-32932 |
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). Published: June 11, 2021; 1:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-32930 |
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). Published: June 11, 2021; 1:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-22658 |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Published: February 11, 2021; 1:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-22656 |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Published: February 11, 2021; 1:15:17 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-22654 |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Published: February 11, 2021; 1:15:17 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-22652 |
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Published: February 11, 2021; 1:15:17 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |