Netvision

Airpass

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-0455

  • EPSS 1.83%
  • Veröffentlicht 16.01.2025 02:15:27
  • Zuletzt bearbeitet 16.01.2025 02:15:27

The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

9.8

CVE-2025-0456

  • EPSS 1.15%
  • Veröffentlicht 16.01.2025 02:15:27
  • Zuletzt bearbeitet 16.01.2025 02:15:27

The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords.

8.8

CVE-2025-0457

  • EPSS 1.69%
  • Veröffentlicht 16.01.2025 02:15:27
  • Zuletzt bearbeitet 16.01.2025 02:15:27

The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.

6.1

CVE-2024-3776

  • EPSS 0.21%
  • Veröffentlicht 15.04.2024 04:15:16
  • Zuletzt bearbeitet 08.04.2025 16:31:04

The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.

7.5

CVE-2023-48383

  • EPSS 0.09%
  • Veröffentlicht 15.01.2024 03:15:07
  • Zuletzt bearbeitet 21.11.2024 08:31:36

NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.