CVE-2024-3786 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3786
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.
• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-3785 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3785
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.
• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-3784 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3784
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.
• https://github.com/gsmith257-cyber/CVE-2024-37843-POC
• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions
CVE-2024-3783 – Path Traversal vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3783
The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system.
• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-3782 – Cross-Site Request Forgery (CSRF) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3782
Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.
• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions
• CWE-352: Cross-Site Request Forgery (CSRF)