Browse all 3 CVE security advisories affecting Loway. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Loway develops network monitoring and management solutions for enterprise IT infrastructure. Historically, the product has been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. While no major public security incidents have been widely documented, the three CVEs on record highlight persistent issues in access control and secure coding practices. The application's exposure to network traffic increases its attack surface, making proper configuration and timely patching critical for organizations using this monitoring platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-42343 | Loway - CWE-204: Observable Response Discrepancy — QueueMetricsCWE-204 | 5.3 | Medium | 2024-09-08 |
| CVE-2024-42342 | Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') — QueueMetricsCWE-444 | 4.3 | Medium | 2024-09-08 |
| CVE-2024-42341 | Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') — QueueMetricsCWE-601 | 6.1 | Medium | 2024-09-08 |
This page lists every published CVE security advisory associated with Loway. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.