CVE-2025-34156
- EPSS 0.08%
- Veröffentlicht 23.10.2025 16:30:41
- Zuletzt bearbeitet 27.10.2025 13:20:15
Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, ...
CVE-2025-34155
- EPSS 0.44%
- Veröffentlicht 23.10.2025 16:30:18
- Zuletzt bearbeitet 27.10.2025 13:20:15
Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker t...
CVE-2024-12700
- EPSS 0.2%
- Veröffentlicht 19.12.2024 23:15:05
- Zuletzt bearbeitet 19.12.2024 23:15:05
There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server.
CVE-2015-7913
- EPSS 0.05%
- Veröffentlicht 21.11.2015 11:59:25
- Zuletzt bearbeitet 12.04.2025 10:46:40
ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.
- EPSS 0.46%
- Veröffentlicht 21.11.2015 11:59:24
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document.