Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ucrm

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2017-0912
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 44.26%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 21:00
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling".

Action-Not Available
Vendor-n/aUbiquiti Inc.
Product-ucrmn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-0913
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 16.99%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 21:00
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".

Action-Not Available
Vendor-n/aUbiquiti Inc.
Product-ucrmn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource