CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| centra | asp | * |
| centra | centraone | 5.2 |
| centra | smart_connect | cen5.2-03 |
Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| centra | centra | 7 |