The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fabasoft | fabasoft_cloud | 3.0.1 |
The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fabasoft | fabasoft_cloud_enterprise_client | 22.4.0043 |
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fabasoft | cloud_enterprise_client | 23.3.0.130 |
| fabasoft | folio_/_egov-suite | 2023 |
| fabasoft | folio_/_egov-suite | 2022 |
| fabasoft | cloud | - |
| fabasoft | folio_/_egov-suite | 2021 |