CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-3127 – Improper Authentication in iSTAR
https://notcve.org/view.php?id=CVE-2023-3127
11 Jul 2023 — An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21941 – iSTAR Ultra
https://notcve.org/view.php?id=CVE-2022-21941
31 Aug 2022 — All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. Todas las versiones de iSTAR Ultra anteriores a la versión 6.8.9.CU01 son vulnerables a una inyección de comandos que podría permitir a un usuario no autentificado el acceso a la raíz del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-11 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •