Vulnerabilities (CVE)

Filtered by vendor Globalradar Subscribe

Filtered by product Bsa Radar

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-14946	1 Globalradar	1 Bsa Radar	2020-07-14	4.0 MEDIUM	4.3 MEDIUM
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.
CVE-2020-14943	1 Globalradar	1 Bsa Radar	2020-06-30	3.5 LOW	5.4 MEDIUM
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.