cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-52335,https://securityvulnerability.io/vulnerability/CVE-2023-52335,Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability,"The iView ConfigurationServlet in Advantech iView exposes a security vulnerability that permits remote attackers to access sensitive information. This occurs due to improper validation of a user-supplied string while constructing SQL queries. The vulnerable servlet listens on TCP port 8080 by default. The flaw allows attackers to exploit the system without authentication, potentially revealing stored credentials and leading to further system compromise. As a result, it is crucial for users of Advantech iView to apply appropriate security measures and stay informed about this vulnerability.",Advantech,Iview,7.5,HIGH,0.0025500000920146704,false,,false,false,false,,,false,false,,2024-11-22T20:05:15.175Z,0
CVE-2023-3983,https://securityvulnerability.io/vulnerability/CVE-2023-3983,SQL Injection Vulnerability in Advantech iView by Advantech,"An SQL injection vulnerability exists in Advantech iView that allows authenticated attackers to bypass security checks. By exploiting this flaw, attackers can execute blind SQL injection attacks, potentially compromising the integrity and confidentiality of the database. This vulnerability affects all versions of Advantech iView prior to v5.7.4 build 6752, underscoring the importance of timely updates and security measures to safeguard sensitive data.",Advantech,Advantech Iview,8.8,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-07-31T00:00:00.000Z,0
CVE-2022-3323,https://securityvulnerability.io/vulnerability/CVE-2022-3323,SQL Injection Vulnerability in Advantech iView Solutions,"An SQL injection vulnerability has been identified in Advantech iView, specifically in the ConfigurationServlet endpoint which operates on TCP port 8080 by default. This issue allows unauthenticated remote attackers to exploit the setConfiguration action by crafting a malicious column_value parameter. This manipulation bypasses the intended SQL injection checks, enabling attackers to potentially access sensitive information, such as the iView admin password. Organizations using iView 5.7.04.6469 should prioritize remediation to safeguard against potential vulnerabilities.",Advantech,Advantech Iview,7.5,HIGH,0.002050000010058284,false,,false,false,false,,,false,false,,2022-09-27T23:15:00.000Z,0
CVE-2022-2136,https://securityvulnerability.io/vulnerability/CVE-2022-2136,Advantech iView,The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.,Advantech Iview,Iview,8.8,HIGH,0.004129999782890081,false,,false,false,false,,,false,false,,2022-07-22T15:15:00.000Z,0
CVE-2022-2137,https://securityvulnerability.io/vulnerability/CVE-2022-2137,Advantech iView,The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information,Advantech Iview,Iview,4.9,MEDIUM,0.002240000059828162,false,,false,false,false,,,false,false,,2022-07-22T15:15:00.000Z,0
CVE-2022-2135,https://securityvulnerability.io/vulnerability/CVE-2022-2135,Advantech iView,"The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.",Advantech Iview,Iview,7.5,HIGH,0.0031999999191612005,false,,false,false,false,,,false,false,,2022-07-22T15:15:00.000Z,0
CVE-2022-2142,https://securityvulnerability.io/vulnerability/CVE-2022-2142,Advantech iView,"The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.",Advantech Iview,Iview,8.1,HIGH,0.0016199999954551458,false,,false,false,false,,,false,false,,2022-07-22T15:15:00.000Z,0
CVE-2022-2143,https://securityvulnerability.io/vulnerability/CVE-2022-2143,Advantech iView,"The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.",Advantech Iview,Iview,9.8,CRITICAL,0.5465999841690063,false,,false,false,false,,,false,false,,2022-06-28T00:00:00.000Z,0
CVE-2022-2139,https://securityvulnerability.io/vulnerability/CVE-2022-2139,Advantech iView,"The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.",Advantech Iview,Iview,6.5,MEDIUM,0.08243999630212784,false,,false,false,false,,,false,false,,2022-06-28T00:00:00.000Z,0
CVE-2022-2138,https://securityvulnerability.io/vulnerability/CVE-2022-2138,Advantech iView,"The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.",Advantech Iview,Iview,8.2,HIGH,0.01143999956548214,false,,false,false,false,,,false,false,,2022-06-28T00:00:00.000Z,0
CVE-2021-32930,https://securityvulnerability.io/vulnerability/CVE-2021-32930,Authentication Bypass in iView by T-Systems,"The iView product from T-Systems is susceptible to a security issue caused by missing authentication. This vulnerability enables attackers to alter configurations and execute arbitrary code, posing a significant risk to system integrity. Users of iView versions prior to v5.7.03.6182 should prioritize updating their software to mitigate potential threats.",Advantech,Iview,9.8,CRITICAL,0.004430000204592943,false,,false,false,false,,,false,false,,2021-06-11T16:25:36.000Z,0
CVE-2021-32932,https://securityvulnerability.io/vulnerability/CVE-2021-32932,SQL Injection Vulnerability in iView by Citect - Affected by Unauthorized Access Risk,"The iView product by Citect is susceptible to a SQL injection flaw, which could allow an unauthorized attacker to exploit the system. This vulnerability primarily affects versions prior to v5.7.03.6182, enabling potential unauthorized data access and the exposure of sensitive information.",Advantech,Iview,7.5,HIGH,0.004679999779909849,false,,false,false,false,,,false,false,,2021-06-11T16:24:18.000Z,0
CVE-2021-22652,https://securityvulnerability.io/vulnerability/CVE-2021-22652,Unauthenticated Remote Code Execution in Advantech iView by Advantech,"A vulnerability exists in Advantech iView versions prior to v5.7.03.6112, where missing authentication measures can be exploited by an unauthorized attacker to alter system configurations. This flaw may potentially allow attackers to execute arbitrary code, leading to significant security risks for affected systems. Organizations using these versions should prioritize upgrading their software to mitigate potential threats.",Advantech,Advantech Iview,9.8,CRITICAL,0.8898500204086304,false,,false,false,false,,,false,false,,2021-02-11T16:06:38.000Z,0
CVE-2021-22656,https://securityvulnerability.io/vulnerability/CVE-2021-22656,Directory Traversal Vulnerability in Advantech iView,"Advantech iView versions before v5.7.03.6112 are susceptible to a directory traversal vulnerability. This weakness enables attackers to manipulate file paths, potentially gaining access to sensitive files on the server. By exploiting this flaw, an unauthorized attacker could read system files that are typically restricted, posing significant risks to data confidentiality and system integrity. To remediate this issue, it is essential for users of affected versions to upgrade to a patched version of the software to protect their systems from possible attacks.",Advantech,Advantech Iview,7.5,HIGH,0.14305000007152557,false,,false,false,false,,,false,false,,2021-02-11T16:06:31.000Z,0
CVE-2021-22658,https://securityvulnerability.io/vulnerability/CVE-2021-22658,SQL Injection Vulnerability in Advantech iView Products,"Advantech iView, specifically versions earlier than v5.7.03.6112, is exposed to a SQL injection vulnerability, which could enable attackers to elevate their privileges to that of an 'Administrator'. This flaw poses a significant risk, allowing unauthorized users to gain access to sensitive functionalities within the application.",Advantech,Advantech Iview,9.8,CRITICAL,0.010289999656379223,false,,false,false,false,,,false,false,,2021-02-11T16:06:25.000Z,0
CVE-2021-22654,https://securityvulnerability.io/vulnerability/CVE-2021-22654,SQL Injection Vulnerability in Advantech iView Software,"Advantech iView versions before v5.7.03.6112 are susceptible to a SQL injection vulnerability that may allow unauthorized attackers to access sensitive information, potentially leading to data breaches and compromised system integrity.",Advantech,Advantech Iview,7.5,HIGH,0.032990001142024994,false,,false,false,false,,,false,false,,2021-02-11T16:06:18.000Z,0
CVE-2020-16245,https://securityvulnerability.io/vulnerability/CVE-2020-16245,Path Traversal Vulnerability in Advantech iView Products,"Advantech iView, in versions 5.7 and earlier, is impacted by a path traversal vulnerability. This allows attackers to manipulate file paths and potentially create or download arbitrary files on the server. Exploiting this vulnerability may lead to a limitation of system availability and could enable remote code execution, which poses significant risks to the integrity and security of affected systems.",Advantech,Advantech Iview,9.8,CRITICAL,0.1474200040102005,false,,false,false,false,,,false,false,,2020-08-25T18:03:49.000Z,0
CVE-2020-14501,https://securityvulnerability.io/vulnerability/CVE-2020-14501,Improper Authentication Vulnerability in Advantech iView Solution,"Advantech iView versions up to 5.6 contain a vulnerability due to improper authentication for critical functions. This weakness allows attackers to gain unauthorized access, potentially revealing user table information, including sensitive administrator credentials in clear text. Additionally, it could allow an attacker to delete an existing administrator account, further compromising system integrity and security.",Advantech,Advantech Iview,9.8,CRITICAL,0.005280000157654285,false,,false,false,false,,,false,false,,2020-07-15T02:19:48.000Z,0
CVE-2020-14503,https://securityvulnerability.io/vulnerability/CVE-2020-14503,Improper Input Validation in Advantech iView Software,"Advantech iView versions up to 5.6 exhibit a vulnerability due to improper input validation. Malicious actors could exploit this weakness to execute arbitrary code remotely, potentially compromising the integrity and availability of affected systems.",Advantech,Advantech Iview,9.8,CRITICAL,0.012959999963641167,false,,false,false,false,,,false,false,,2020-07-15T02:15:13.000Z,0
CVE-2020-14499,https://securityvulnerability.io/vulnerability/CVE-2020-14499,Improper Access Control Vulnerability in Advantech iView from Advantech,"Advantech iView, up to version 5.6, is impacted by an improper access control vulnerability that could allow unauthorized users to gain access to sensitive user account credentials. This flaw presents a significant risk, as attackers may exploit it to compromise sensitive information, leading to potential data breaches and unauthorized activities within the system. Organizations using affected versions must prioritize patching and updating their software to mitigate this security risk.",Advantech,Advantech Iview,7.5,HIGH,0.014550000429153442,false,,false,false,false,,,false,false,,2020-07-15T02:11:10.000Z,0
CVE-2020-14505,https://securityvulnerability.io/vulnerability/CVE-2020-14505,Command Injection Flaw in Advantech iView Products,"Advantech iView versions 5.6 and earlier are susceptible to a command injection vulnerability, which allows attackers to manipulate HTTP GET or POST requests. By exploiting this flaw, an attacker could craft a command string that lacks proper validation, potentially leading to unauthorized remote code execution on the affected system. This vulnerability poses significant security risks as attackers could gain access to sensitive information or control over the system. Organizations using affected versions should prioritize applying relevant security patches and implementing stringent security measures.",Advantech,Advantech Iview,9.8,CRITICAL,0.004840000066906214,false,,false,false,false,,,false,false,,2020-07-15T01:59:33.000Z,0
CVE-2020-14497,https://securityvulnerability.io/vulnerability/CVE-2020-14497,SQL Injection Vulnerabilities in Advantech iView Software,"Advantech iView software versions 5.6 and earlier are susceptible to multiple SQL injection vulnerabilities. These flaws allow an attacker to manipulate SQL queries through user-controlled strings, potentially leading to unauthorized access to sensitive data, including user credentials. Exploiting these vulnerabilities could enable an attacker to read or modify critical information and execute code remotely, thus posing significant risks to data integrity and confidentiality.",Advantech,Advantech Iview,9.8,CRITICAL,0.09025000035762787,false,,false,false,false,,,false,false,,2020-07-15T01:50:54.000Z,0
CVE-2020-14507,https://securityvulnerability.io/vulnerability/CVE-2020-14507,Path Traversal Vulnerability in Advantech iView Versions,"The iView product by Advantech, versions 5.6 and prior, is vulnerable to multiple path traversal flaws. These vulnerabilities may allow an attacker to manipulate file paths, leading to the creation or download of arbitrary files on the server. This can result in compromised system availability and the potential for remote code execution. Proper validation of input paths is essential to mitigate these risks.",Advantech,Advantech Iview,9.8,CRITICAL,0.0071000000461936,false,,false,false,false,,,false,false,,2020-07-15T01:48:12.000Z,0