- EPSS 0.03%
- Published 13.12.2022 08:15:10
- Last modified 21.11.2024 07:34:34
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and thro...
CVE-2022-42785
- EPSS 0.54%
- Published 15.11.2022 21:15:38
- Last modified 21.11.2024 07:25:20
Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.
CVE-2022-42786
- EPSS 0.06%
- Published 10.11.2022 12:15:10
- Last modified 21.11.2024 07:25:20
Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage
CVE-2022-42787
- EPSS 1.72%
- Published 10.11.2022 12:15:10
- Last modified 21.11.2024 07:25:20
Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the ...