Platform Manager Security Vulnerabilities

CVE-2020-25095

LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the...

CVSS: 8.8, AI Score: 7.3, EPSS: 0.001

2020-12-17 03:15 AM

CVE-2020-25096

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM...

CVSS: 8.8, AI Score: 7.4, EPSS: 0.001

2020-12-17 03:15 AM

CVE-2020-25094

LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...

CVSS: 9.8, AI Score: 7.8, EPSS: 0.027

2020-12-17 03:15 AM