MidnightBSD

Advisories for digitalguardian

CVE-2018-10173 HIGH

Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434

Products Affected

Vendor Product Version
digitalguardian management_console 7.1.2.0015

CVE-2018-10174 MEDIUM

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918

Products Affected

Vendor Product Version
digitalguardian management_console 7.1.2.0015

CVE-2018-10175 MEDIUM

Digital Guardian Management Console 7.1.2.0015 has an XXE issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

Vendor Product Version
digitalguardian management_console 7.1.2.0015

CVE-2018-10176 MEDIUM

Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
digitalguardian management_console 7.1.2.0015

CVE-2022-35412 LOW

Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N 0.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
digitalguardian digital_guardian 7.7.4.0042