CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20021 – Solare Solar-Log File Upload privileges management
https://notcve.org/view.php?id=CVE-2017-20021
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 https://vuldb.com/?id.98931 • CWE-269: Improper Privilege Management CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20020 – Solare Solar-Log cross-site request forgery
https://notcve.org/view.php?id=CVE-2017-20020
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 https://vuldb.com/?id.98930 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20019 – Solare Solar-Log Config information disclosure
https://notcve.org/view.php?id=CVE-2017-20019
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 https://vuldb.com/?id.98929 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •