Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Connection_broker
(Leostream)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-06 | CVE-2020-26574 | Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | Connection_broker | 9.6 | ||
| 2021-08-06 | CVE-2021-38157 | LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | Connection_broker | 6.1 | ||
| 2022-01-18 | CVE-2021-41551 | Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link. | Connection_broker | 4.9 | ||
| 2022-01-18 | CVE-2021-41550 | Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code. | Connection_broker | 7.2 | ||
| 2018-10-30 | CVE-2018-18817 | The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. | Agent, Connection_broker | 7.5 |