MidnightBSD

Advisories for datev

CVE-2003-1169 MEDIUM

DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
datev nutzungskontrolle 2.1
datev nutzungskontrolle 2.2
CVE-2010-0689 HIGH

The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
datev base_system *
CVE-2023-33387

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.

Products Affected

Vendor Product Version
datev eg_personal-management_system_comfort/comfort_plus *
datev eg_personal-management_system_comfort/comfort_plus 16.1.1