) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:opmantek:open-audit:4.0.1:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-40612 |
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes. Published: December 22, 2021; 8:15:07 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-3333 |
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link. Published: February 05, 2021; 9:15:19 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-3130 |
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. Published: January 20, 2021; 11:15:14 AM -0500 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |