Filtered by vendor Unitrends
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8427 | 1 Unitrends | 1 Backup | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass. | |||||
| CVE-2017-7279 | 1 Unitrends | 1 Enterprise Backup | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | |||||
| CVE-2018-6329 | 1 Unitrends | 1 Backup | 2019-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands. | |||||
| CVE-2017-7280 | 1 Unitrends | 1 Enterprise Backup | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable. | |||||