Browse all 3 CVE security advisories affecting ITarian. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ITarian provides IT management and remote monitoring solutions for businesses. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws. The platform has three CVEs recorded, with one critical RCE vulnerability allowing unauthorized system access. Security researchers have identified authentication bypass issues and insufficient input validation in multiple components. While no major public security incidents have been documented, the consistent presence of privilege escalation vulnerabilities suggests potential for unauthorized administrative access. The platform's broad system permissions make such vulnerabilities particularly concerning, as they could allow attackers to compromise entire networks through a single compromised endpoint.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-25151 | ITarian - Session cookie not protected by HttpOnly flag — ITarian SaaS platform / on-premise; CWE-614 | 7.5 | High | 2022-06-08 |
| CVE-2022-25152 | ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals — ITarian platform (SAAS / on-premise); CWE-358 | 9.9 | Critical | 2022-06-08 |
| CVE-2022-25153 | ITarian - Local privilege escalation in Endpoint Manager agent on Windows — Endpoint Manager Communication Client for Windows; CWE-275 | 7.8 | High | 2022-06-08 |

This page lists every published CVE security advisory associated with ITarian. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.