maxum CVE Vulnerabilities & Metrics

Focus on maxum vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About maxum Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with maxum. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total maxum CVEs: 23
Earliest CVE date: 25 Aug 2009, 10:30 UTC
Latest CVE date: 12 Jan 2023, 16:15 UTC

Latest CVE reference: CVE-2022-46370

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical maxum CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.1

Max CVSS: 9.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	17
7.0-8.9	0
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS maxum CVEs

These are the five CVEs with the highest CVSS scores for maxum, sorted by severity first and recency.

CVE-2008-7078 maxum Published on 25 Aug 2009, 10:30 UTC (CVSS: 9.0)
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.
CVE-2020-27574 maxum Published on 08 Mar 2021, 21:15 UTC (CVSS: 6.8)
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.
CVE-2019-19659 maxum Published on 10 Feb 2020, 16:15 UTC (CVSS: 6.8)
A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.
CVE-2020-27575 maxum Published on 08 Mar 2021, 22:15 UTC (CVSS: 6.5)
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.
CVE-2019-19669 maxum Published on 10 Feb 2020, 18:15 UTC (CVSS: 5.8)
A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.

All CVEs for maxum

CVE-2022-46370 maxum vulnerability CVSS: 0 12 Jan 2023, 16:15 UTC

Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.

CVE-2022-46369 maxum vulnerability CVSS: 0 12 Jan 2023, 16:15 UTC

Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.

CVE-2022-46368 maxum vulnerability CVSS: 0 12 Jan 2023, 16:15 UTC

Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.

CVE-2022-46367 maxum vulnerability CVSS: 0 12 Jan 2023, 16:15 UTC

Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.

CVE-2022-39187 maxum vulnerability CVSS: 0 12 Jan 2023, 16:15 UTC

Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.

CVE-2020-27576 maxum vulnerability CVSS: 3.5 08 Mar 2021, 22:15 UTC

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.

CVE-2020-27575 maxum vulnerability CVSS: 6.5 08 Mar 2021, 22:15 UTC

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.

CVE-2020-27574 maxum vulnerability CVSS: 6.8 08 Mar 2021, 21:15 UTC

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.

CVE-2020-12737 maxum vulnerability CVSS: 4.0 08 May 2020, 16:15 UTC

An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.

CVE-2019-19668 maxum vulnerability CVSS: 4.3 10 Feb 2020, 19:15 UTC

A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html.

CVE-2019-19670 maxum vulnerability CVSS: 4.3 10 Feb 2020, 18:15 UTC

A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html.

CVE-2019-19669 maxum vulnerability CVSS: 5.8 10 Feb 2020, 18:15 UTC

A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.

CVE-2019-19667 maxum vulnerability CVSS: 5.8 10 Feb 2020, 18:15 UTC

A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html.

CVE-2019-19666 maxum vulnerability CVSS: 4.3 10 Feb 2020, 18:15 UTC

A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.

CVE-2019-19661 maxum vulnerability CVSS: 4.3 10 Feb 2020, 18:15 UTC

A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp.

CVE-2019-19664 maxum vulnerability CVSS: 5.8 10 Feb 2020, 17:15 UTC

A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html.

CVE-2019-19662 maxum vulnerability CVSS: 4.3 10 Feb 2020, 17:15 UTC

A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html.

CVE-2019-19665 maxum vulnerability CVSS: 4.3 10 Feb 2020, 16:15 UTC

A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.

CVE-2019-19663 maxum vulnerability CVSS: 5.8 10 Feb 2020, 16:15 UTC

A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.

CVE-2019-19660 maxum vulnerability CVSS: 4.3 10 Feb 2020, 16:15 UTC

A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.

CVE-2019-19659 maxum vulnerability CVSS: 6.8 10 Feb 2020, 16:15 UTC

A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.

CVE-2020-8514 maxum vulnerability CVSS: 4.3 02 Feb 2020, 15:15 UTC

An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.

CVE-2019-19368 maxum vulnerability CVSS: 4.3 16 Dec 2019, 16:15 UTC

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts

CVE-2008-7078 maxum vulnerability CVSS: 9.0 25 Aug 2009, 10:30 UTC

Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.