54 matches found
CVE-2021-35049
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated...
CVE-2021-35050
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to log in to the application. The vulnerability is present in Fidelis Network and Deception versio...
CVE-2021-35047
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user-level access to the CLI to inject root-level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and...
Design/Logic Flaw
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user-level access to the CLI to inject root-level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and...
Command injection
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated...
CVE-2021-35049
The CVE concerns Fidelis Network and Deception CommandPost where an authenticated user could trigger a command injection via the web interface. Affected products are Fidelis Network and Deception versions prior to 9.3.7 and version 9.4. The root cause is an insecure handling of crafted HTTP reque...
CVE-2021-35050 User Credentials Stored in a Recoverable Format within Fidelis Network and Deception
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to log in to the application. The vulnerability is present in Fidelis Network and Deception versio...
CVE-2021-35050
CVE-2021-35050 affects Fidelis Network and Deception CommandPost. User credentials are stored in a recoverable format; if an attacker gains access to CommandPost, these values could be decoded to log in. Affected versions are Fidelis Network and Deception prior to 9.3.3; the issue is addressed in...
CVE-2021-35048 Unauthenticated SQL Injection Vulnerability in Fidelis Network and Deception
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception version...
CVE-2021-35048
CVE-2021-35048 affects Fidelis Network and Deception CommandPost, allowing unauthenticated SQL injection via the web interface. Affected: Fidelis Network and Deception versions prior to 9.3.7 and version 9.4. The flaw can lead to exposure of authentication tokens. Patches/updates exist to address...
PT-2021-20814 · Fidelis · Fidelis Network/Deception
Name of the Vulnerable Software and Affected Versions: Fidelis Network and Deception versions prior to 9.3.3
Description: The issue concerns user credentials being stored in a recoverable format within the system. If an attacker gains access to the CommandPost, they could decode and use these...
Fidelis Network Security Vulnerability
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A security vulnerability exists in Fidelis...
Fidelis Network Deception SQL Injection Vulnerability
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. Fidelis Network suffers from a SQL injection...
Fidelis Network Deception OS Command Injection Vulnerability
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A security vulnerability exists in Fidelis...