Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27568 | 1 Aviatrix | 1 Controller | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. | |||||
| CVE-2020-13414 | 1 Aviatrix | 2 Controller, Gateway | 2021-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | |||||
| CVE-2020-26552 | 1 Aviatrix | 1 Controller | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. | |||||
| CVE-2020-26550 | 1 Aviatrix | 1 Controller | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | |||||
| CVE-2020-26548 | 1 Aviatrix | 1 Controller | 2020-11-30 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | |||||
| CVE-2020-26549 | 1 Aviatrix | 1 Controller | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | |||||
| CVE-2020-26551 | 1 Aviatrix | 1 Controller | 2020-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. | |||||
| CVE-2020-13412 | 1 Aviatrix | 1 Controller | 2020-05-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. | |||||
| CVE-2020-13415 | 1 Aviatrix | 1 Controller | 2020-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. | |||||