AviatrixController

15 matches found

CVE | added 2021/09/13 7:41 a.m. | 1069 views

CVE-2021-40870

Summary (CVE-2021-40870): Aviatrix Controller 6.x before 6.5-1804.1922 is affected by an unrestricted file upload via a directory traversal flaw that enables an unauthenticated attacker to execute arbitrary code. The base vulnerability is described in the primary CVE record, which lists the affe...

9.8 CVSS | 9.6 AI score | 0.9426 EPSS
In wild | Web

CVE | added 2025/01/08 12:0 a.m. | 269 views

CVE-2024-50603

CVE-2024-50603 in Aviatrix Controller (versions < 7.1.4191 for 7.1.x and

10 CVSS | 9.8 AI score | 0.94362 EPSS
In wild | Web

CVE | added 2020/05/22 8:47 p.m. | 162 views

CVE-2020-13417

CVE-2020-13417 is an Elevation of Privilege affecting Aviatrix VPN Client, linked to an incomplete fix for CVE-2020-7224. Connected sources confirm the issue occurs on Linux, macOS, and Windows installations when OpenSSL parameters are altered from the issued values, enabling loading of unauthori...

9.8 CVSS | 9.4 AI score | 0.01174 EPSS

CVE | added 2020/05/22 8:48 p.m. | 130 views

CVE-2020-13414

CVE-2020-13414 affects Aviatrix Controller prior to 5.4.1204. The issue is an information disclosure vulnerability described as credentials unused by the software. NVD metrics list CVSSv3.1 base score 7.5 (HIGH) with network access and low exploit complexity; confidentiality impact HIGH, others N...

7.5 CVSS | 7.5 AI score | 0.00557 EPSS

CVE | added 2020/05/22 8:48 p.m. | 130 views

CVE-2020-13415

CVE-2020-13415: Multiple records describe an XML Signature Wrapping vulnerability in Aviatrix Controller (v5.1 and earlier). An attacker with any signed SAML assertion from the IdP can establish a connection, even if the assertion is expired or the user is not authorized. This indicates a weaknes...

7.5 CVSS | 7.4 AI score | 0.00132 EPSS

CVE | added 2020/05/22 8:48 p.m. | 124 views

CVE-2020-13413

CVE-2020-13413 affects Aviatrix Controller prior to version 5.4.1204. The issue is an observable response discrepancy in the API that makes it easier to enumerate valid usernames via brute force. Public references across multiple feeds describe this information disclosure vulnerability tying to u...

5.3 CVSS | 5.2 AI score | 0.00376 EPSS

CVE | added 2020/05/22 8:48 p.m. | 123 views

CVE-2020-13412

The CVE-2020-13412 vulnerability affects Aviatrix Controller prior to 5.4.1204. A web API call did not perform a session token check, enabling Cross-Site Request Forgery (CSRF). The issue originates from inadequate request validation in the web interface, allowing unauthorized actions via forged ...

8.8 CVSS | 8.5 AI score | 0.0013 EPSS

CVE | added 2020/05/22 8:48 p.m. | 121 views

CVE-2020-13416

The CVE-2020-13416 issue affects Aviatrix Controller prior to 5.4.1066. A CSRF vulnerability arises because a Controller Web Interface session token parameter is not required on an API call, enabling password resets via CSRF. Impact is password reset abuse; exploitation details are not provided b...

6.5 CVSS | 6.6 AI score | 0.0019 EPSS

CVE | added 2020/11/17 8:58 p.m. | 66 views

CVE-2020-26552

Summary: CVE-2020-26552 affects Aviatrix Controller prior to R6.0.2483. The issue is improper access control: multiple API-endpoint executables do not require a valid session ID, enabling potential account takeover. Affected software: Aviatrix Controller (pre-R6.0.2483). Root cause: insufficient ...

7.5 CVSS | 7.5 AI score | 0.00282 EPSS

CVE | added 2020/11/17 8:24 p.m. | 55 views

CVE-2020-26549

CVE-2020-26549 affects Aviatrix Controller prior to R5.4.1290. The vulnerability arises from an htaccess protection mechanism that prevents requests to directories, which can be bypassed to download files beyond a user’s rights. Documented impact in CNVD/NVD entries: an attacker could download re...

7.5 CVSS | 7.5 AI score | 0.00614 EPSS

CVE | added 2020/11/17 8:59 p.m. | 50 views

CVE-2020-26553

CVE-2020-26553 affects Aviatrix Controller prior to R6.0.2483. Multiple APIs allow arbitrary files to be uploaded to the web tree, enabling remote code execution as described in connected CNVD/NVD records. Affected product: Aviatrix Controller; vulnerability root cause: file upload in API functio...

9.8 CVSS | 9.3 AI score | 0.00841 EPSS

CVE | added 2020/11/17 8:22 p.m. | 46 views

CVE-2020-26548

Aviatrix Controller (pre-R5.4.1290) contains an insecure sudo rule that allows a user to execute any command as any user on the system. This vulnerability affects Controller versions before R5.4.1290 and is supported by multiple sources (e.g., CNVD-2021-17716; NVD CVE-2020-26548) with high impact...

9 CVSS | 8.8 AI score | 0.00427 EPSS

CVE | added 2020/11/17 8:33 p.m. | 44 views

CVE-2020-26551

Aviatrix Controller before R5.3.1151 stores encrypted key values in a readable file, exposing plaintext encryption keys. CNVD-2021-17719 and NVD records confirm plaintext key storage prior to R5.3.1151; risk is confidentiality impact (high per CVSS3.1). Remediation: upgrade to R5.3.1151 or later ...

7.5 CVSS | 7.4 AI score | 0.00156 EPSS

CVE | added 2020/11/17 8:26 p.m. | 40 views

CVE-2020-26550

CVE-2020-26550 pertains to Aviatrix Controller prior to R5.3.1151, where an encrypted file containing credentials is protected by a three-character key. The root cause is a weak key in the encrypted file, which has implications for confidentiality (HIGH per CVSS3.1). The connected documents confi...

7.5 CVSS | 7.4 AI score | 0.00245 EPSS

CVE | added 2021/04/21 9:16 p.m. | 32 views

CVE-2020-27568

The CVE-2020-27568 entry concerns Aviatrix Controller 5.3.1516 with insecure file permissions. The issue is caused by the presence of world-writable files and directories in the controller resource, as noted in multiple sources. The information provided does not include specific vulnerable compon...

7.5 CVSS | 7.6 AI score | 0.00309 EPSS