Every CVE whose affected-product data names Adremsoft Netcrunch, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2019-14480 — CVSS 9.8 (critical): AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication…
CVE-2019-14482 — CVSS 9.8 (critical): AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key…
CVE-2019-14483 — CVSS 8.8 (high): AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private…
CVE-2019-14479 — CVSS 8.8 (high): AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code…
CVE-2019-14476 — CVSS 6.5 (medium): AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server…
CVE-2019-14477 — CVSS 5.5 (medium): AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and…
CVE-2019-14478 — CVSS 5.4 (medium): AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not…
CVE-2019-14481 — CVSS 5.4 (medium): AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation…