) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:vembu:bdr_suite:3.9.1:update1:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-26474 |
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.) Published: June 08, 2021; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-26473 |
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server. Published: June 08, 2021; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-26472 |
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges. Published: June 08, 2021; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2021-26471 |
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands. Published: June 08, 2021; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |