MidnightBSD

Advisories for veraxsystems

CVE-2013-1350 MEDIUM

Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
veraxsystems network_management_system *
CVE-2013-1351 MEDIUM

Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-294,

Products Affected

Vendor Product Version
veraxsystems network_management_system *
CVE-2013-1352 MEDIUM

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
veraxsystems network_management_system *
CVE-2013-1631 MEDIUM

Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
veraxsystems network_management_system *