zucchetti CVE Vulnerabilities & Metrics

Focus on zucchetti vulnerabilities and metrics.

Last updated: 27 Apr 2025, 22:25 UTC

About zucchetti Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with zucchetti. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total zucchetti CVEs: 16
Earliest CVE date: 19 Jun 2019, 14:15 UTC
Latest CVE date: 13 Jan 2025, 22:15 UTC

Latest CVE reference: CVE-2023-42234

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 10

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 2.04

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 11
4.0-6.9 5
7.0-8.9 0
9.0-10.0 0

Top 5 Highest CVSS zucchetti CVEs

These are the five CVEs with the highest CVSS scores for zucchetti, sorted by severity first and then by recency.

All CVEs for zucchetti

CVE-2023-42234 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.

CVE-2023-42233 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.

CVE-2023-42232 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.

CVE-2023-42231 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.

CVE-2023-42230 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function.

CVE-2023-42229 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service.

CVE-2023-42228 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function.

CVE-2023-42227 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.

CVE-2023-42226 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Email/SaveAttachment function.

CVE-2023-42225 zucchetti vulnerability CVSS: 0 13 Jan 2025, 22:15 UTC

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.

CVE-2021-42369 zucchetti vulnerability CVSS: 6.5 14 Oct 2021, 18:15 UTC

Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.

CVE-2019-18207 zucchetti vulnerability CVSS: 3.5 30 Oct 2019, 19:15 UTC

In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page.

CVE-2019-18206 zucchetti vulnerability CVSS: 6.8 30 Oct 2019, 19:15 UTC

A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.

CVE-2019-18205 zucchetti vulnerability CVSS: 4.3 30 Oct 2019, 19:15 UTC

Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.

CVE-2019-18204 zucchetti vulnerability CVSS: 6.5 30 Oct 2019, 19:15 UTC

Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.

CVE-2019-10257 zucchetti vulnerability CVSS: 5.0 19 Jun 2019, 14:15 UTC

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's Java sources from /WEB-INF/classes/*.class