Kovai

kovai

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-59711 1Kovai 1Biztalk360 Apr 9, 2026 Apr 3, 2026 N/A· v4 8.3 HIGH· v3 N/A· v2 An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce...Show more An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal.Show less
CVE-2025-59710 1Kovai 1Biztalk360 Apr 9, 2026 Apr 3, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, u...Show more An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server.Show less
CVE-2025-59709 1Kovai 1Biztalk360 Apr 9, 2026 Apr 3, 2026 N/A· v4 6.8 MEDIUM· v3 N/A· v2 An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authenticat...Show more An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal.Show less