Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
An unrestricted upload of a file with dangerous type vulnerability could allow an authenticated remote user to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.
An improper neutralization of an input during webpage generation vulnerability could allow an authenticated remote user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a stored cross-site scripting attack against other WebReport users.
Multiple improper neutralizations of an input during webpage generation vulnerabilities could allow a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a reflected cross-site scripting attack against other WebReport users.
An improper restriction of XML external entity reference vulnerability could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, cause a denial-of-service condition, or execute server-side request forgery due to improper configuration of the XML parser.
An improper access control vulnerability could allow a remote attacker access to restricted web resources due to improper access control.
An unquoted search path vulnerability could allow any local Windows user with write permissions on at least one of the subfolders of the connect agent service binary path to gain the privilege of the user who started the service.
An improper neutralization of an input during webpage generation vulnerability could allow an attacker to inject HTML and JavaScript code into the user’s browser.
Loss of availability Confidentiality Integrity
Schneider Electric
Schneider Electric recommends users upgrade to Version 3.2