Episerver Ektron Cms Vulnerabilità

Sequenza temporale

Versione

9.0	6
9.1	6
9.2	4
9.3	4
9.4	4

Contromisure

Official Fix	10
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	0

Sfruttabilità

High	2
Functional	0
Proof-of-Concept	2
Unproven	0
Not Defined	6

Accesso al vettore

Not Defined	0
Physical	0
Local	0
Adjacent	0
Network	10

Autenticazione

Not Defined	0
High	0
Low	2
None	8

Interazione dell'utente

Not Defined	0
Required	8
None	2

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	2
≤5	2
≤6	6
≤7	0
≤8	0
≤9	0
≤10	0

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	2
≤5	6
≤6	2
≤7	0
≤8	0
≤9	0
≤10	0

VulDB

≤1	0
≤2	0
≤3	0
≤4	2
≤5	6
≤6	2
≤7	0
≤8	0
≤9	0
≤10	0

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	4
≤8	0
≤9	0
≤10	0

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Fornitore

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploiter 0 giorni

<1k	8
<2k	0
<5k	2
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Exploiter aujourd'hui

<1k	10
<2k	0
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Sfrutta il volume del mercato

🔴 CTI Attività

Affected Versions (16): 8.02 SP4, 9.0, 9.0 SP3 Site CU30, 9.1, 9.1 SP3 Site CU 44, 9.1.0.184 SP2, 9.2, 9.2 SP2 Site CU 21, 9.3, 9.4, 9.5, 9.6, 9.7, 9.8, 9.9, 9.10

Tipo di software: Content Management System

Data di pubblicazione	Base	Temp	Vulnerabilità	0day	Oggi	Sfr	Con	CTI	CVE
10/10/2018	8.5	7.7	EPiServer Ektron CMS activateuser.aspx escalazione di privilegi	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	CVE-2018-12596
30/10/2017	8.5	8.2	EPiServer Ektron CMS XSLTCompiledTransform Remote Code Execution	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2012-5358
30/10/2017	8.5	8.2	EPiServer Ektron CMS XSL Data ekajaxtransform.aspx XslCompiledTransform Remote Code Execution	$0-$5k	$0-$5k	High	Official Fix	0.00	CVE-2012-5357
25/07/2017	5.2	4.9	EPiServer Ektron CMS SelectUserGroup.aspx cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2016-6133
03/07/2017	5.2	4.9	EPiServer Ektron CMS content.aspx cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2016-6201
09/06/2015	3.5	3.4	EPiServer Ektron CMS workarea.aspx cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2015-4427
09/06/2015	4.3	4.1	EPiServer Ektron CMS MenuActions.aspx cross site request forgery	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	CVE-2015-3624
13/02/2015	7.3	7.0	EPiServer Ektron CMS escalazione di privilegi	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2015-0931
13/02/2015	5.3	5.1	EPiServer Ektron CMS XML External Entity	$0-$5k	$0-$5k	High	Official Fix	0.00	CVE-2015-0923
25/04/2014	3.5	3.4	EPiServer Ektron CMS content.aspx cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2014-2729

altre voci di Episerver

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!