Ahsay Cloud Backup Suite
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ahsay Cloud Backup Suite.
By the Year
In 2026 there have been 0 vulnerabilities in Ahsay Cloud Backup Suite. Cloud Backup Suite did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 7.20 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.80 |
| 2019 | 5 | 7.42 |
It may take a day or so for new Cloud Backup Suite vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ahsay Cloud Backup Suite Security Vulnerabilities
AhsayCBS 9.1.4.0 Runtime Options Injection RCE via Java opts
CVE-2022-37027
7.2 - High
- September 21, 2022
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequently achieve remote code execution as the system user.
Argument Injection
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30
CVE-2020-5846
8.8 - High
- January 06, 2020
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds.
Unrestricted File Upload
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50
CVE-2019-10263
6.1 - Medium
- July 26, 2019
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account.
XSS
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50
CVE-2019-10264
7.2 - High
- July 26, 2019
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.
XXE
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50
CVE-2019-10265
7.5 - High
- July 26, 2019
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server.
Directory traversal
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50
CVE-2019-10266
7.5 - High
- July 26, 2019
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
XXE
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50
CVE-2019-10267
8.8 - High
- July 26, 2019
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
Unrestricted File Upload
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ahsay Cloud Backup Suite or by Ahsay? Click the Watch button to subscribe.
