Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7670 | 1 Primasystems | 1 Flexair | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system. | |||||
| CVE-2019-7666 | 1 Primasystems | 1 Flexair | 2019-07-31 | 6.5 MEDIUM | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password. | |||||
| CVE-2019-9189 | 1 Primasystems | 1 Flexair | 2019-07-31 | 9.0 HIGH | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access. | |||||
| CVE-2019-7281 | 1 Primasystems | 1 Flexair | 2019-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. | |||||