← Back

Bdr Suite

bdr_suite

Vendor: Vembu • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-43458
1Vembu
1Bdr Suite
Nov 21, 2024
Apr 4, 2022
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
CVE-2021-26474
1Vembu
2Bdr Suite
Offsite Dr
Nov 21, 2024
Jun 8, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)
CVE-2021-26473
1Vembu
2Bdr Suite
Offsite Dr
Nov 21, 2024
Jun 8, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These file...Show more
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.Show less
CVE-2021-26472
1Vembu
2Bdr Suite
Offsite Dr
Nov 21, 2024
Jun 8, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary O...Show more
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.Show less
CVE-2021-26471
1Vembu
2Bdr Suite
Offsite Dr
Nov 21, 2024
Jun 8, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell co...Show more
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.Show less