CVE-2026-26334
- EPSS 0%
- Veröffentlicht 13.02.2026 20:53:18
- Zuletzt bearbeitet 26.02.2026 22:45:49
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\\VeraSMART Data\\app.s...
CVE-2026-26333
- EPSS 0.13%
- Veröffentlicht 13.02.2026 20:51:57
- Zuletzt bearbeitet 26.02.2026 22:46:30
Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs (including EndeavorServer.rem and RemoteFileReceiver.rem) and permits the use of SOAP and binar...
CVE-2026-26335
- EPSS 0.11%
- Veröffentlicht 13.02.2026 20:51:26
- Zuletzt bearbeitet 26.02.2026 22:45:37
Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files (x86)\\Veramark\\VeraSMART\\WebRoot\\web.config. An attacker who obtains these keys can c...