Vulnerability Disclosure

Vulnerabilities discovered and disclosed by Aura Information Security.
| Name & Description | CVE(s) | Publish Date | Vendor & Product | Affected Versions |
| --- | --- | --- | --- | --- |
| Pentaho Business Analytics Server | CVE-2022-43769, CVE-2022-43773, CVE-2022-43938, CVE-2022-43939, CVE-2022-43940, CVE-2022-43771, CVE-2022-43941, CVE-2022-3960, CVE-2022-43772 | 4 April 2023 | Hitachi Vantara - Pentaho Business Analytics Server | 9.4.0.1 and 9.3.0.2, including 8.3.x |
| Adobe ColdFusion - Path Traversal Vulnerability | CVE-2019-8074 | 24 September 2019 | Adobe - ColdFusion | 2018 Update 4 and earlier versions, 2016 Update 11 and earlier versions |
| Sitecore CRM 8.1 - Authenticated vulnerabilities within Sitecore permit arbitrary file upload and download | CVE-2017-5965, CVE-2017-5966 | 19 May 2017 | Sitecore - Sitecore | 8.1 Rev 151207 |
| VMware Horizon DaaS - Insecure data validation during RDP file creation allows an attacker to manipulate client users into connecting to a malicious server | VMSA-2017-0002, CVE-2017-4897 | 10 March 2017 | VMware - Horizon DaaS Platform | 6.1.x |
| SageCRM - A SQL injection and an arbitrary file upload vulnerability allow authenticated attackers to obtain access to the underlying database or obtain remote code execution | CVE-2017-5219, CVE-2017-5218 | 24 January 2017 | Sage - SageCRM | 7.0.e and later |