Aviatrix Controller 5.4.1140

CPE Details

Aviatrix Controller 5.4.1140
aviatrix
controller
5.4.1140
2020-05-29
13h02 +00:00
2020-05-29
13h02 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:aviatrix:controller:5.4.1140:*:*:*:*:*:*:*

Informations

Vendor

aviatrix

Product

controller

Version

5.4.1140

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-50603 2025-01-08 00h00 +00:00 An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
10
Critique
CVE-2020-13412 2020-05-22 18h48 +00:00 An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
8.8
Haute
CVE-2020-13413 2020-05-22 18h48 +00:00 An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
5.3
Moyen
CVE-2020-13414 2020-05-22 18h48 +00:00 An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
7.5
Haute