ETQ Reliance Vulnerability List
5 vulnerabilities related to ETQ Reliance were found
- ETQ Reliance reflected XSS vulnerability (CVE-2025-34141) No POC
ETQ Reliance has a reflected XSS vulnerability that allows a remote attacker to inject and execute malicious scripts in a user's browser.
- CVE-2025-34141: ETQ Reliance - Reflected XSS via SQLConverterServlet POC
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.
- CVE-2025-34143: ETQ Reliance - Authentication Bypass via Trailing Space POC
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
- CVE-2025-34141: ETQ Reliance - Reflected XSS via SQLConverterServlet POC
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.
- CVE-2025-34143: ETQ Reliance - Authentication Bypass via Trailing Space POC
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.