opmantek CVE Vulnerabilities & Metrics

Focus on opmantek vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About opmantek Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with opmantek. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total opmantek CVEs: 18
Earliest CVE date: 10 Apr 2017, 03:59 UTC
Latest CVE date: 03 Jan 2022, 13:15 UTC

Latest CVE reference: CVE-2021-44674

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical opmantek CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.42

Max CVSS: 9.3

Critical CVEs (≥9): 2

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	9
7.0-8.9	2
9.0-10.0	2

CVSS Distribution Chart

Top 5 Highest CVSS opmantek CVEs

These are the five CVEs with the highest CVSS scores for opmantek, sorted by severity first and recency.

CVE-2020-8813 opmantek Published on 22 Feb 2020, 02:15 UTC (CVSS: 9.3)
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVE-2020-12078 opmantek Published on 28 Apr 2020, 14:15 UTC (CVSS: 9.0)
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without bein...
CVE-2021-40612 opmantek Published on 22 Dec 2021, 13:15 UTC (CVSS: 7.5)
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
CVE-2020-11942 opmantek Published on 29 Apr 2020, 22:15 UTC (CVSS: 7.5)
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.
CVE-2020-11943 opmantek Published on 29 Apr 2020, 22:15 UTC (CVSS: 6.5)
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.

All CVEs for opmantek

CVE-2021-44674 opmantek vulnerability CVSS: 4.0 03 Jan 2022, 13:15 UTC

An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.

CVE-2021-40612 opmantek vulnerability CVSS: 7.5 22 Dec 2021, 13:15 UTC

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.

CVE-2021-44916 opmantek vulnerability CVSS: 4.3 20 Dec 2021, 12:15 UTC

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.

CVE-2021-3333 opmantek vulnerability CVSS: 4.3 05 Feb 2021, 14:15 UTC

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.

CVE-2021-3130 opmantek vulnerability CVSS: 4.3 20 Jan 2021, 16:15 UTC

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

CVE-2020-11943 opmantek vulnerability CVSS: 6.5 29 Apr 2020, 22:15 UTC

An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.

CVE-2020-11942 opmantek vulnerability CVSS: 7.5 29 Apr 2020, 22:15 UTC

An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.

CVE-2020-12261 opmantek vulnerability CVSS: 3.5 28 Apr 2020, 22:15 UTC

Open-AudIT 3.3.0 allows an XSS attack after login.

CVE-2020-12078 opmantek vulnerability CVSS: 9.0 28 Apr 2020, 14:15 UTC

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.

CVE-2020-11941 opmantek vulnerability CVSS: 6.5 27 Apr 2020, 17:15 UTC

An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.

CVE-2020-8813 opmantek vulnerability CVSS: 9.3 22 Feb 2020, 02:15 UTC

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

CVE-2019-16293 opmantek vulnerability CVSS: 6.5 13 Sep 2019, 17:15 UTC

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.

CVE-2018-16607 opmantek vulnerability CVSS: 3.5 19 Sep 2018, 15:29 UTC

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.

CVE-2018-14493 opmantek vulnerability CVSS: 4.3 25 Jul 2018, 23:29 UTC

Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.

CVE-2018-11124 opmantek vulnerability CVSS: 3.5 06 Jul 2018, 14:29 UTC

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.

CVE-2018-10314 opmantek vulnerability CVSS: 3.5 10 May 2018, 03:29 UTC

Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.

CVE-2016-6534 opmantek vulnerability CVSS: 6.0 10 Apr 2017, 03:59 UTC

Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.

CVE-2016-5642 opmantek vulnerability CVSS: 3.5 10 Apr 2017, 03:59 UTC

Opmantek NMIS before 8.5.12G has XSS via SNMP.