Articatech Artica Proxy — known CVE vulnerabilities
Every CVE whose affected-product data names Articatech Artica Proxy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2021-41739 — CVSS 9.8 (critical): A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with…
CVE-2024-2056 — CVSS 9.8 (critical): Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular…
CVE-2024-2055 — CVSS 9.8 (critical): The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is…
CVE-2024-2054 — CVSS 9.8 (critical): The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently…
CVE-2020-13159 — CVSS 9.8 (critical): Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac…
CVE-2017-17055 — CVSS 9.0 (critical): Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS)…
CVE-2020-15052 — CVSS 7.5 (high): An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields.
CVE-2024-2053 — CVSS 7.5 (high): The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently…
CVE-2020-13158 — CVSS 7.5 (high): Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
CVE-2020-10818 — CVSS 7.2 (high): Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field.
CVE-2019-7300 — CVSS 7.2 (high): Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin…
CVE-2022-37153 — CVSS 6.1 (medium): An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
CVE-2020-15053 — CVSS 6.1 (medium): An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System…
CVE-2020-15051 — CVSS 6.1 (medium): An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name…