CVE-2016-8378 is a critical vulnerability in Lynxspring JENEsys BAS Bridge version 1.1.8 and earlier. According to the official CVE/NVD record, the application's database lacks sufficient safeguards for protecting credentials, which can expose sensitive authentication data. NVD assigns a CVSS v3.0 score of 9.8, reflecting network attackability and high impact to confidentiality, integrity, and availabilit [truncated]
CVE-2016-8369 is a cross-site request forgery (CSRF) vulnerability in Lynxspring JENEsys BAS Bridge versions 1.1.8 and earlier. The issue is that the application does not sufficiently verify whether a request was intentionally made by the authenticated user, which can allow unintended actions to be triggered through a victim’s browser session. NVD rates the issue as HIGH severity with a CVSS v3.0 score of 8.8.
CVE-2016-8361 is a high-severity authentication weakness in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. According to the CVE record, the application uses a hard-coded username with no password, which can allow an attacker to gain access without authentication. NVD classifies the issue as CWE-798 and assigns a CVSS v3.0 score of 8.6 (network reachable, no privileges required, no user interaction).
CVE-2016-8357 affects Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. According to NVD, a user with read-only access can send commands that the application accepts, which can let an attacker make changes inside the application despite having only limited privileges.