Scytl

Secure Vote

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.24%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 04:39:45

An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.

Exploit
  • EPSS 0.26%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 04:39:45

An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.

Exploit
  • EPSS 0.51%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 04:39:45

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.

Exploit
  • EPSS 0.29%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 04:39:45

An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.