MidnightBSD

Advisories for systematicinc

CVE-2018-9115 MEDIUM

Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
systematicinc sitaware 6.4
CVE-2019-18926 MEDIUM

Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
systematicinc iris_standards_management 2.1