Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| keystorage | global_facilities_management_software | 3.0 |
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| keystorage | global_facilities_management_software | 20230721a |
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| keystorage | global_facilities_management_software | 20230721a |
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| keystorage | global_facilities_management_software | 20230721a |
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| keystorage | global_facilities_management_software | 20230721a |