MidnightBSD

Advisories for xm-online

CVE-2019-15557 HIGH

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
xm-online xm^online_2_user_account_and_authentication_server 1.0.0
CVE-2019-15558 HIGH

XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
xm-online xm^online_2_-_common_utils_and_endpoints 0.2.1