Stormshield Endpoint Security (SES) 2.1.0

CPE Details

Stormshield Endpoint Security (SES) 2.1.0
stormshield
endpoint_security
2.1.0
2021-07-14
12h19 +00:00
2021-08-17
13h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:stormshield:endpoint_security:2.1.0:*:*:*:*:*:*:*

Informations

Vendor

stormshield

Product

endpoint_security

Version

2.1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-35799 2023-06-26 22h00 +00:00 Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.
5.5
Medium
CVE-2023-35800 2023-06-26 22h00 +00:00 Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
4.3
Medium
CVE-2022-4304 2023-02-08 19h04 +00:00 A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
5.9
Medium
CVE-2021-45090 2021-12-21 14h17 +00:00 Stormshield Endpoint Security before 2.1.2 allows remote code execution.
9.8
Critical
CVE-2021-45089 2021-12-21 14h15 +00:00 Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.
5.2
Medium
CVE-2021-45091 2021-12-21 14h10 +00:00 Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
4.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.