HIGH🇵🇱 Wersja polska

CVE-2026-32650

CVSS 7.5v3.1pub. 2026-04-17upd. 2026-05-04

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Anviz Crosschex Standard

    APP
    Anviz
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-40434HIGH8.1ten sam produkt

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injectio...

CVE-2026-35546CRITICAL9.8PL ✓ten sam vendor

Nieautoryzowane przesyłanie firmware w urządzeniach Anviz CX2 Lite i CX7

CVE-2019-12394CRITICAL9.8ten sam vendor

Anviz access control devices allow unverified password change which allows remote attackers to change the admi...

CVE-2019-12392CRITICAL9.8ten sam vendor

Anviz access control devices allow remote attackers to issue commands without a password.

CVE-2019-12518CRITICAL9.8ten sam vendor

Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulne...