Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3936 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. | |||||
| CVE-2020-3921 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | |||||
| CVE-2020-3920 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
| UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory. | |||||