Controller@5.3.1516 Security Vulnerabilities and Issues — Controller@5.3.1516 CVE List

Lucene search

AviatrixController5.3.1516

7 matches found

CVE•added 2020/11/17 9:15 p.m.•53 views

CVE-2020-26552

An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.

7.5CVSS7.5AI score0.00282EPSS

CVE•added 2020/11/17 9:15 p.m.•47 views

CVE-2020-26549

An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.

7.5CVSS7.5AI score0.00614EPSS

CVE•added 2020/11/17 9:15 p.m.•36 views

CVE-2020-26551

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.

7.5CVSS7.4AI score0.00156EPSS

CVE•added 2020/11/17 9:15 p.m.•36 views

CVE-2020-26553

An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.

9.8CVSS9.3AI score0.00841EPSS

CVE•added 2020/11/17 9:15 p.m.•35 views

CVE-2020-26548

An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.

9CVSS8.8AI score0.00427EPSS

CVE•added 2020/11/17 9:15 p.m.•31 views

CVE-2020-26550

An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.

7.5CVSS7.4AI score0.00245EPSS

CVE•added 2021/04/21 10:15 p.m.•23 views

CVE-2020-27568

Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security.

7.5CVSS7.6AI score0.00309EPSS