Advantech

Iview

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-53475

  • EPSS 0.19%
  • Veröffentlicht 10.07.2025 23:23:38
  • Zuletzt bearbeitet 23.07.2025 19:19:37

A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters ...

5.3

CVE-2025-46704

  • EPSS 0.06%
  • Veröffentlicht 10.07.2025 23:19:32
  • Zuletzt bearbeitet 23.07.2025 19:20:26

A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not pr...

7.6

CVE-2025-48891

  • EPSS 0.06%
  • Veröffentlicht 10.07.2025 23:17:45
  • Zuletzt bearbeitet 23.07.2025 19:20:18

A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading...

5.4

CVE-2025-41442

  • EPSS 0.03%
  • Veröffentlicht 10.07.2025 23:15:27
  • Zuletzt bearbeitet 23.07.2025 19:20:42

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's ...

5.4

CVE-2025-53519

  • EPSS 0.03%
  • Veröffentlicht 10.07.2025 23:14:37
  • Zuletzt bearbeitet 23.07.2025 19:19:55

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's brows...

6.1

CVE-2025-53397

  • EPSS 0.03%
  • Veröffentlicht 10.07.2025 23:13:27
  • Zuletzt bearbeitet 01.08.2025 19:19:25

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentia...

7.5

CVE-2023-52335

  • EPSS 0.53%
  • Veröffentlicht 22.11.2024 20:15:07
  • Zuletzt bearbeitet 09.01.2025 16:05:53

Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to expl...

8.8

CVE-2023-3983

Exploit
  • EPSS 0.11%
  • Veröffentlicht 31.07.2023 19:15:18
  • Zuletzt bearbeitet 21.11.2024 08:18:28

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

7.5

CVE-2022-3323

Exploit
  • EPSS 0.11%
  • Veröffentlicht 27.09.2022 23:15:15
  • Zuletzt bearbeitet 21.05.2025 15:15:59

An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter...

9.8

CVE-2022-2143

Exploit
  • EPSS 58.31%
  • Veröffentlicht 22.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:00:25

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.