CVE Tools

silver-peak

Networking Infrastructurecommercial

12

Cumulative CVEs

3

Monthly snapshots

#54

Peak rank

Top products

unity orchestrator3

Latest CVEs

The 15 most recently published vulnerabilities affecting silver-peak.

CVE-2020-12146Silver Peak Unity OrchestratorTM subject to path traversal.6.6Nov 5, 2020
CVE-2020-12147Unauthorized queries against the Silver Peak Unity OrchestratorTM MySQL database.6.6Nov 5, 2020
CVE-2020-12145Silver Peak Unity OrchestratorTM authentication can be subverted through manipulation of HTTP headers.6.6Nov 5, 2020
CVE-2020-12142IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials4.8May 5, 2020
CVE-2020-12144The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated6.0May 5, 2020
CVE-2020-12143The certificate used to identify Orchestrator to EdgeConnect devices is not validated6.0May 5, 2020
CVE-2019-16099Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.8.8Sep 8, 2019
CVE-2019-16100Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.7.5Sep 8, 2019
CVE-2019-16101Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI.5.3Sep 8, 2019
CVE-2019-16102Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.9.8Sep 8, 2019
CVE-2019-16103Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.7.2Sep 8, 2019
CVE-2019-16104Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.6.1Sep 8, 2019
CVE-2019-16105Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.4.9Sep 8, 2019
CVE-2014-2975Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.4.3Jul 28, 2014
CVE-2014-2974Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that crea...6.8Jul 28, 2014