Security Advisories

2025-04-11

Contributor: Diego Giubertoni from Nozomi Networks Inc.
Product: i-PRO Configuration Tool (iCT)
Affected versions: prior to 4.30
Fixed version: 4.30
References: 
　　Release Note
　　Download
　　JVN#84627857
Vulnerabilities:

• CVE-2025-32730　(CVSS v3: 5.5)Vulnerability in the use of hardcoded encryption keys in several i-PRO configuration tool.

2023-08-31

Contributor: Michael Heinzl
Product: VI Web Client
Affected versions: prior to 7.9.6
Fixed version: 7.9.6
References: 
　　Release Note
　　Download
　　JVN#60140221
Vulnerabilities:

• CVE-2023-38574　(CVSS v3: 4.7 )
  Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
• CVE-2023-39938 (CVSS v3: 6.1)
  Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script.
• CVE-2023-40535 (CVSS v3: 5.4)
  Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.
• CVE-2023-40705 (CVSS v3: 5.4)
  Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.