Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7669 | 1 Primasystems | 1 Flexair | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges. | |||||
| CVE-2019-7667 | 1 Primasystems | 1 Flexair | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login information, which can allow the attacker to bypass authentication and have full access to the system. | |||||
| CVE-2019-7668 | 1 Primasystems | 1 Flexair | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Prima Systems FlexAir devices have Default Credentials. | |||||
| CVE-2019-7672 | 1 Primasystems | 1 Flexair | 2019-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges. | |||||