Generalbytes Crypto Application Server
By the Year
In 2026 there have been 0 vulnerabilities in Generalbytes Crypto Application Server. Last year, in 2025, Crypto Application Server had 1 security vulnerability published. Right now, Crypto Application Server is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.10 |
It may take a day or so for new Crypto Application Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Generalbytes Crypto Application Server Security Vulnerabilities
General Bytes CAS Auth Bypass in Admin Web (pre-20220531.38)
CVE-2022-4980
- September 19, 2025
General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531.38 (backport) and 20220725.22 (mainline) contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation / first-admin creation page and create a new administrative account remotely. By gaining admin privileges, the attacker can change the ATM configuration resulting in redirected funds. Public vendor advisories and multiple independent writeups describe the vulnerability as a call to the page used for initial/default installation / first administration user creation; General Bytes has not publicly published the exact endpoint/parameter name. The issue was actively exploited in the wild against cloud-hosted and standalone CAS deployments (scanning exposed CAS instances on ports 7777/443), and publicly acknowledged by General Bytes in September 2022.
Missing Authentication for Critical Function
General Bytes CAS RCE via /batm/app before v20221118.48
CVE-2023-28725
9.1 - Critical
- March 22, 2023
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.
Unrestricted File Upload