GCVE - cpe:2.3:a:adremsoft:netcrunch:10.6.0.4587:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:adremsoft:netcrunch:10.6.0.4587:*:*:*:*:*:*:*

part: a version: 10.6.0.4587 update: *

Vendor	Adremsoft (`93308179-254d-5302-8842-5a2162072648`)
Product	Netcrunch (`a76d58b4-19be-5e27-a491-51a1eba5e6e9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-14481`	vulnerable	2026-06-03 14:39:45.405280	Details available AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover. Published: 2020-12-16T16:55:36.000Z Updated: 2024-08-05T00:19:41.190Z Open on db.gcve.eu Reference links https://www.adremsoft.com/support/ https://compass-security.com/fileadmin/Research/Advisories/2020-15_CSNC-2019-016_AdRem_NetCrunch_Cross-Site_Request_Forgery_CSRF.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14479`	vulnerable	2026-06-03 14:39:45.404664	Details available AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. Published: 2020-12-16T16:39:42.000Z Updated: 2024-08-05T00:19:41.131Z Open on db.gcve.eu Reference links https://www.adremsoft.com/support/ https://compass-security.com/fileadmin/Research/Advisories/2020-13_CSNC-2019-014_AdRem_NetCrunch_Remote_Code_Execution.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14478`	vulnerable	2026-06-03 14:39:45.404351	Details available AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload. Published: 2020-12-16T17:01:52.000Z Updated: 2024-08-05T00:19:41.076Z Open on db.gcve.eu Reference links https://www.adremsoft.com/support/ https://compass-security.com/fileadmin/Research/Advisories/2020-12_CSNC-2019-013_AdRem_NetCrunch_Cross-Site_Scripting_XSS.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14476`	vulnerable	2026-06-03 14:39:45.401913	Details available AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems. Published: 2020-12-16T16:50:47.000Z Updated: 2024-08-05T00:19:41.050Z Open on db.gcve.eu Reference links https://www.adremsoft.com/support/ https://compass-security.com/fileadmin/Research/Advisories/2020-10_CSNC-2019-011_AdRem_NetCrunch_Server-Side_Request_Forgery_SSRF.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

AdRem Software NetCrunch 10.6.0.4587

PURL mappings

Vulnerability references

Contribute