Filtered by vendor Sunbirddcim
Subscriptions
Filtered by product Power Iq
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55703 | 1 Sunbirddcim | 1 Power Iq | 2025-12-16 | 2.5 Low |
| An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, where the API call code was updated to ensure safe handling of input values. | ||||
| CVE-2025-66237 | 1 Sunbirddcim | 2 Dctrack, Power Iq | 2025-12-08 | 6.7 Medium |
| DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host. | ||||
| CVE-2025-66238 | 1 Sunbirddcim | 2 Dctrack, Power Iq | 2025-12-08 | 7.2 High |
| DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine. | ||||
Page 1 of 1.