High
CVSS: 8.8
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve re…
Medium
CVSS: 5.3
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing se…
Medium
CVSS: 6.5
An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.