MidnightBSD

Advisories for atvise

CVE-2011-4873 MEDIUM

Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
atvise atvise *
CVE-2011-4880 MEDIUM

Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
atvise webmi2ads *
atvise webmi2ads 1.0
atvise webmi2ads 2.0
CVE-2011-4881 MEDIUM

The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
atvise webmi2ads *
atvise webmi2ads 1.0
atvise webmi2ads 2.0
CVE-2011-4882 MEDIUM

The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
atvise webmi2ads *
atvise webmi2ads 1.0
atvise webmi2ads 2.0
CVE-2011-4883 MEDIUM

The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
atvise webmi2ads *
atvise webmi2ads 1.0
atvise webmi2ads 2.0
CVE-2022-21184 MEDIUM

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-522,

Products Affected

Vendor Product Version
atvise atvise 3.5.4
atvise atvise 3.6
atvise atvise 3.7