Wissam Bashour

#11511de 53,640
23.9CVSS total
Vulnerabilidades · 4
Média
3
Alta
1
PT-2018-14577
8.8
2018-12-28
Microstrategy · Microstrategy Analytics · CVE-2018-18696
**Name of the Vulnerable Software and Affected Versions** Microstrategy Analytics versions prior to 10.4.0026.0049 **Description** The issue concerns a CSRF problem in the main.aspx file. The vendor has provided documentation for preventing CSRF attacks, but there is a disagreement on whether this issue constitutes a vulnerability. No information is available on the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 10.4.0026.0049, consider implementing the CSRF prevention measures as described in the vendor-provided documentation to minimize the risk of exploitation. As a temporary workaround, restrict access to the main.aspx file until the issue is resolved.
PT-2016-6615
4.0
2016-07-19
Misys · Misys Fusioncapital Opics Plus · CVE-2016-5653
**Name of the Vulnerable Software and Affected Versions** Misys FusionCapital Opics Plus (affected versions not specified) **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `ID` or `Branch` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2016-6617
4.3
2016-07-19
Misys · Misys Fusioncapital Opics Plus · CVE-2016-5655
**Name of the Vulnerable Software and Affected Versions** Misys FusionCapital Opics Plus (affected versions not specified) **Description** The issue allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate because Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2015-6596
6.8
2015-07-16
B.A.S · B.A.S C2Box · CVE-2015-4460
**Name of the Vulnerable Software and Affected Versions** B.A.S C2Box versions prior to 4.0.0 (r19171) **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors. **Recommendations** For versions prior to 4.0.0 (r19171), update to version 4.0.0 (r19171) or later to resolve the issue.