This page lists security vulnerability fixes made in Device Control Plus.
Follow general security recommendations to fortify your Device Control Server.
| CVE | Synopsis | Severity |
|---|---|---|
| Privilege Escalation Vulnerability | A Privilege Escalation vulnerability raised in ManageEngine Bug Bounty program. | HIGH |
| Authenticated SQL Injection Vulnerability (CVE-2022-47523) | A SQL injection (SQLi) vulnerability. | CRITICAL |
| CVE-2020-1968 | The Raccoon attack exploits a flaw in the TLS specification. | LOW |
| CVE-2020-13943 | HTTP/2 pseudo headers. | MEDIUM |
| CVE-2020-9490 | A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request resulted in a crash. | HIGH |
| CVE-2020-13935 | Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | HIGH |
| CVE-2020-13934 | OutOfMemoryException leads to a denial of service. | HIGH |
| CVE-2020-14350 | PostgreSQL extensions did not use search_path safely in their installation script. | HIGH |
| CVE-2020-11984 | Integer overflow in the mod_proxy_uwsgi. | CRITICAL |
| CVE-2020-11993 | Concurrent use of memory pools on the HTTP/2 module. | HIGH |
| Integer Overflow Vulnerability (CVE-2020-15588) | Integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate leading to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. | CRITICAL |
| CVE-2020-11996 | Triggers high CPU usage for several seconds, rendering the server unresponsive. | HIGH |
| CVE-2020-9484 | Allows any anonymous attacker with internet access to submit a malicious request to a Tomcat Server that has PersistentManager enabled using FileStore. | HIGH |
| Remote Code Execution Vulnerability (CVE-2021-44228) | Allows malicious users to execute arbitrary code on a machine or pod loaded from LDAP servers by using a bug found in the log4j library. | CRITICAL |