ReportizFlow
Filtered by vendor Ironmansoftware
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49213 | 1 Ironmansoftware | 1 Powershell Universal | 2024-11-21 | 8.8 High |
| The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1. | ||||
| CVE-2022-45184 | 1 Ironmansoftware | 1 Powershell Universal | 2024-11-21 | 7.2 High |
| The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. | ||||
| CVE-2022-45183 | 1 Ironmansoftware | 1 Powershell Universal | 2024-11-21 | 8.8 High |
| Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6. | ||||
| CVE-2024-50616 | 1 Ironmansoftware | 1 Powershell Universal | 2024-10-30 | 8.8 High |
| Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information. | ||||
Page 1 of 1.