← Back

Vbase

vbase

Vendor: Visam • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-45876
1Visam
1Vbase
Jan 17, 2025
Apr 26, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVE-2022-3217
1Visam
1Vbase
Nov 21, 2024
Sep 16, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can ob...Show more
When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.Show less