Unauthorized File Upload Vulnerability in Barco Control Room Management Suite
CVE-2022-26971

5.3MEDIUM

Key Information:

Vendor: Barco
Status: Control Room Management Suite
Vendor: CVE Published:; 2 June 2022

What is CVE-2022-26971?

The Barco Control Room Management Suite, specifically in the TransForm N web application prior to version 3.14, contains a significant security flaw that allows for unauthorized file uploads. This vulnerability can be exploited by attackers to upload malicious files without any authentication, potentially leading to further compromise of the web application and the underlying system. Users of affected versions are strongly advised to review their security measures and upgrade to a patched version to mitigate risks.

References

https://www.barco.com/en/support/transform-n-management-s...

x_refsource_MISC

https://www.barco.com/en/support/knowledge-base/KB12681

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2022
Vulnerability Reserved
Mar 12, 2022