Vulnerabilities (CVE)

Filtered by vendor Drobo Subscribe

Filtered by product 5n2 Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-14695	1 Drobo	2 5n2, 5n2 Firmware	2018-12-20	5.0 MEDIUM	7.5 HIGH
Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter.
CVE-2018-14700	1 Drobo	2 5n2, 5n2 Firmware	2018-12-20	5.0 MEDIUM	7.5 HIGH
Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter.
CVE-2018-14707	1 Drobo	2 5n2, 5n2 Firmware	2018-12-20	7.8 HIGH	7.5 HIGH
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations.
CVE-2018-14702	1 Drobo	2 5n2, 5n2 Firmware	2018-12-20	5.0 MEDIUM	7.5 HIGH
Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.
CVE-2018-14696	1 Drobo	2 5n2, 5n2 Firmware	2018-12-20	5.0 MEDIUM	7.5 HIGH
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.