MidnightBSD

Advisories for boodskap

CVE-2018-13325 MEDIUM

The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
boodskap growchain -
CVE-2022-35134

Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
boodskap iot_platform 4.4.9-02
CVE-2022-35135

Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
boodskap iot_platform 4.4.9-02
CVE-2022-35136

Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
boodskap iot_platform 4.4.9-02