March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Trend Micro Security 2020 and 2021 families code execution
February 12, 2021Rewterz Threat Alert – Confucious APT Targeting Victims in Pakistan and Kashmir
February 12, 2021Rewterz Threat Advisory – Trend Micro Security 2020 and 2021 families code execution
February 12, 2021Rewterz Threat Alert – Confucious APT Targeting Victims in Pakistan and Kashmir
February 12, 2021
Severity
High
Analysis Summary
CVE-2021-22654
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
CVE-2021-22658
The affected product is vulnerable to a SQL injection, which may allow an attacker to escalate privileges to ‘Administrator’.
CVE-2021-22656
The affected product is vulnerable to directory traversal, which may allow an attacker to read sensitive files.
CVE-2021-22652
Access to the affected product’s configuration is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
Impact
- SQL Injection
- Path Traversal
- Missing Authentication for Critical Function
Affected Vendors
Advantech
Affected Products
iView versions prior to v5.7.03.6112
Remediation
Advantech has released Version 5.7.03.6112 of iView to address these reported vulnerabilities.