U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:advantech:iview:5.7.03.6112:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 10 matching records.
Displaying matches 1 through 10.
Vuln ID Summary CVSS Severity
CVE-2023-3983

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

Published: July 31, 2023; 3:15:18 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-2143

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-2142

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2022-2139

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-2138

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-2137

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 4.9 MEDIUM
V2.0:(not available)
CVE-2022-2136

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-2135

The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.

Published: July 22, 2022; 11:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2021-32932

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).

Published: June 11, 2021; 1:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-32930

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).

Published: June 11, 2021; 1:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH