Softing edgeAggregator 3.4.0
Approved changes feed: RSS · Atom
cpe:2.3:a:softing:edgeaggregator:3.4.0:*:*:*:*:*:*:*
part: a version: 3.4.0 update: *
| Vendor | Softing (4b32be6d-69ed-5932-83e7-5560b6afc48d) |
|---|---|
| Product | Edgeaggregator (8cf9532c-e93e-5cec-9a9d-ebd40dd0cca3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-38126 |
vulnerable | 2026-06-03 14:52:30.337447 |
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability
HIGH (7.2)
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543.
Published: 2023-12-19T21:50:37.477Z
Updated: 2024-08-02T17:30:14.068Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-27335 |
vulnerable | 2026-06-03 14:51:00.947657 |
Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability
HIGH (8.8)
Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504.
Published: 2024-05-03T01:55:57.666Z
Updated: 2024-08-02T12:09:43.030Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.