Summary of Security Advisories
Posted on 15 - Jan 2024
|
CSAL-ID |
Date |
Advisory |
CVE Number |
Vulnerability overview |
Affected Product Details |
Product FW Version |
|
12-Jan-24 |
WP500 Authorization |
NA |
Authorization or authentication |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP500 unprivileged access |
NA |
Unprivileged Access of Privilege URLs |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP500 CSRF Attack |
NA |
CSRF Attack Possible on Various Forms |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP 500 CSV |
NA |
CSV Injection Attack Found |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP500 Vulnerable Apache |
NA |
Vulnerable Apache Tomcat Version Found |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP500 Privilege Escalation |
NA |
Privilege Escalation via Form Submission |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP500 x frame option |
NA |
Click jacking Due to Missing X-Frame-Options Header |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP 500 HTTPs |
NA |
Insecure Transition from HTTPS to HTTP |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP 500 TLS support |
NA |
TLS Server Supports Outdated TLS 1.0 |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP 500 session limit |
NA |
No Limit on Concurrent Sessions |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP 500 web server |
NA |
Error Page Discloses Web Server Details |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP 500 form fields |
NA |
Auto complete Enabled on Form Fields |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP500 web securities |
NA |
Missing HTTP Security Headers |
WP500 |
0.6.5 |
|
|
12-Jan-24 |
WP 500 Apache tomcat files |
NA |
Default Apache Tomcat Files Present |
WP500 |
0.6.5 |
|
|
CSAL#65 |
12-Jan-24 |
WP500 open port |
NA |
Open Ports Found Internally |
WP500 |
0.6.5 |
|
CSAL#66 |
12-Jan-24 |
WP500 vulnerabilities |
NA |
No Vulnerabilities Found with Auxiliary Scans on Open Ports |
WP500 |
0.6.5 |