Known Vulnerabilities for products from Orangescrum
Listed below are 5 of the newest known vulnerabilities associated with the vendor "Orangescrum".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-1783 json | OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because ... | 7.6 - HIGH | 2023-06-23 | 2023-07-06 |
| CVE-2023-0738 json | OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possib... | 6.1 - MEDIUM | 2023-04-04 | 2023-04-17 |
| CVE-2023-0624 json | OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possib... | 6.1 - MEDIUM | 2023-02-09 | 2023-02-16 |
| CVE-2023-0454 json | OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is... | 8.1 - HIGH | 2023-02-01 | 2023-02-07 |
| CVE-2023-0164 json | OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is pos... | 8.8 - HIGH | 2023-01-18 | 2023-01-28 |