MidnightBSD

Advisories for idera

CVE-2015-2894 MEDIUM

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
idera uptime_infrastructure_monitor 7.2
idera uptime_infrastructure_monitor 6.0
CVE-2015-2895 HIGH

Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
idera uptime_infrastructure_monitor 7.4
CVE-2015-2896 MEDIUM

The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
idera uptime_infrastructure_monitor *
CVE-2015-8268 MEDIUM

The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
idera uptime_infrastructure_monitor 7.6
idera uptime_infrastructure_monitor 7.5
CVE-2015-9263 HIGH

An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
idera uptime_infrastructure_monitor 7.5.0
idera uptime_infrastructure_monitor 7.4.0
CVE-2017-11469 MEDIUM

get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
idera uptime_infrastructure_monitor 7.8
CVE-2017-11470 HIGH

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
idera uptime_infrastructure_monitor 7.8
CVE-2017-11471 HIGH

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
idera uptime_infrastructure_monitor 7.8
CVE-2020-19587

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
idera yellowfin_business_intelligence 7.3