Control Room Management Suite

control_room_management_suite

Vendor: Barco • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-26978 1Barco 1Control Room Management Suite Nov 21, 2024 Jun 2, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.
CVE-2022-26977 1Barco 1Control Room Management Suite Nov 21, 2024 Jun 2, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS.
CVE-2022-26976 1Barco 1Control Room Management Suite Nov 21, 2024 Jun 2, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.
CVE-2022-26975 1Barco 1Control Room Management Suite Nov 21, 2024 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.
CVE-2022-26974 1Barco 1Control Room Management Suite Nov 21, 2024 Jun 2, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
CVE-2022-26973 1Barco 1Control Room Management Suite Nov 21, 2024 Jun 2, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal d...Show more Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.Show less
CVE-2022-26972 1Barco 1Control Room Management Suite Nov 21, 2024 Jun 2, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.
CVE-2022-26971 1Barco 1Control Room Management Suite Nov 21, 2024 Jun 2, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.
CVE-2022-26233 1Barco 1Control Room Management Suite Nov 21, 2024 Apr 3, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\...Show more Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.Show less