![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Advisory – Trend Micro Security 2020 and 2021 families code execution
February 12, 2021![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Alert – Confucious APT Targeting Victims in Pakistan and Kashmir
February 12, 2021![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Advisory – Trend Micro Security 2020 and 2021 families code execution
February 12, 2021![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Alert – Confucious APT Targeting Victims in Pakistan and Kashmir
February 12, 2021Severity
High
Analysis Summary
CVE-2021-22654
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
CVE-2021-22658
The affected product is vulnerable to a SQL injection, which may allow an attacker to escalate privileges to ‘Administrator’.
CVE-2021-22656
The affected product is vulnerable to directory traversal, which may allow an attacker to read sensitive files.
CVE-2021-22652
Access to the affected product’s configuration is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
Impact
- SQL Injection
- Path Traversal
- Missing Authentication for Critical Function
Affected Vendors
Advantech
Affected Products
iView versions prior to v5.7.03.6112
Remediation
Advantech has released Version 5.7.03.6112 of iView to address these reported vulnerabilities.