MidnightBSD

Advisories for profelis

CVE-2022-25619 MEDIUM

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
cve@profelis.com.tr 3.8 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L 0.3 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
profelis sambabox *
CVE-2022-25620 LOW

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0
cve@profelis.com.tr 3.8 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L 0.3 3.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
profelis sambabox *
CVE-2024-7015

Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2.

Products Affected

Vendor Product Version
profelis passbox *