Helpsystems
Products by Helpsystems Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Helpsystems . Last year Helpsystems had 1 security vulnerability published. Right now, Helpsystems is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
| 2022 | 4 | 6.40 |
| 2021 | 1 | 7.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Helpsystems vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Helpsystems Security Vulnerabilities
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components
CVE-2022-42948
9.8 - Critical
- March 24, 2023
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
Output Sanitization
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7
CVE-2022-39197
6.1 - Medium
- September 22, 2022
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
XSS
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client
CVE-2021-46830
6.5 - Medium
- July 27, 2022
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.
Directory traversal
The Labeling tool in Titus Classification Suite 18.8.1910.140
CVE-2021-43708
5.5 - Medium
- April 21, 2022
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.
Improper Preservation of Permissions
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers
CVE-2022-23317
7.5 - High
- February 15, 2022
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
authentification
A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3
CVE-2021-36798
7.5 - High
- August 09, 2021
A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.
Allocation of Resources Without Limits or Throttling