- EPSS 0.03%
- Veröffentlicht 13.12.2022 08:15:10
- Zuletzt bearbeitet 21.11.2024 07:34:34
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and thro...
CVE-2022-42785
- EPSS 0.54%
- Veröffentlicht 15.11.2022 21:15:38
- Zuletzt bearbeitet 21.11.2024 07:25:20
Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.
CVE-2022-42786
- EPSS 0.06%
- Veröffentlicht 10.11.2022 12:15:10
- Zuletzt bearbeitet 21.11.2024 07:25:20
Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage
CVE-2022-42787
- EPSS 1.72%
- Veröffentlicht 10.11.2022 12:15:10
- Zuletzt bearbeitet 21.11.2024 07:25:20
Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the ...