Matera

matera

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-14929 1Matera 1Banco Nov 21, 2024 Aug 3, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.
CVE-2018-14928 1Matera 1Banco Nov 21, 2024 Aug 3, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 /contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter.
CVE-2018-14927 1Matera 1Banco Nov 21, 2024 Aug 3, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/rec...Show more Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp.Show less
CVE-2018-14926 1Matera 1Banco Nov 21, 2024 Aug 3, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.
CVE-2018-14925 1Matera 1Banco Nov 21, 2024 Aug 3, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.
CVE-2018-14924 1Matera 1Banco Nov 21, 2024 Aug 3, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field.