← Back

Aris

aris

Vendor: Softwareag • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-66837
1Softwareag
1Aris
Jan 21, 2026
Jan 7, 2026
N/A· v4
6.8 MEDIUM· v3
N/A· v2
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware
CVE-2025-66838
1Softwareag
1Aris
Jan 21, 2026
Jan 7, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapi...Show more
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performanceShow less