Filtered by vendor Fujitsu Subscriptions
Filtered by product Arconte Aurea Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-4096 1 Fujitsu 1 Arconte Aurea 2024-11-21 8.6 High
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.
CVE-2023-4095 1 Fujitsu 1 Arconte Aurea 2024-11-21 5.3 Medium
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.
CVE-2023-4094 1 Fujitsu 1 Arconte Aurea 2024-11-21 6.5 Medium
ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.
CVE-2023-4093 1 Fujitsu 1 Arconte Aurea 2024-11-21 5.5 Medium
Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.
CVE-2023-4092 1 Fujitsu 1 Arconte Aurea 2024-11-21 8.8 High
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.