CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0882 – Authorization Bypass Through User-Controlled Key on Single Connect
https://notcve.org/view.php?id=CVE-2023-0882
17 Feb 2023 — Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. • https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44795 – Modifying User Permissions via Unauthorized Access in Single Connect
https://notcve.org/view.php?id=CVE-2021-44795
27 Jan 2022 — Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating. Single Connect no lleva a cabo una comprobación de autorización cuando es usado el módulo "sc-assigned-credential-ui". Un atacante remoto podría aprovechar esta vulnerabilidad para modificar los... • https://www.usom.gov.tr/bildirim/tr-22-0093 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44794 – Information Leakege via Unauthorized Access in Single Connect
https://notcve.org/view.php?id=CVE-2021-44794
27 Jan 2022 — Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. Single Connect no lleva a cabo una comprobación de autorización cuando es usado el módulo "sc-diagnostic-ui". Un atacante remoto podría aprovechar esta vulnerabilidad para acceder a la página de información del dispositivo.... • https://www.usom.gov.tr/bildirim/tr-22-0093 • CWE-862: Missing Authorization •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44793 – Information Leakege via Unauthorized Access in Single Connect
https://notcve.org/view.php?id=CVE-2021-44793
27 Jan 2022 — Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials. Single Connect no lleva a cabo una comp... • https://www.usom.gov.tr/bildirim/tr-22-0093 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44792 – Information Leakege via Unauthorized Access in Single Connect
https://notcve.org/view.php?id=CVE-2021-44792
27 Jan 2022 — Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. Single Connect no lleva a cabo una comprobación de autorización cuando es usado el módulo "log-monitor". Un atacante remoto podría aprovechar esta vulnerabilidad para acceder a la interfaz de registro. • https://www.usom.gov.tr/bildirim/tr-22-0093 • CWE-862: Missing Authorization •