CiscoHyperflex Hx Data Platform

15 matches found

CVE
added 2021/05/06 12:41 p.m. | 1132 views

CVE-2021-1497

Cisco HyperFlex HX Data Platform (Cisco HyperFlex HX) contains CVE-2021-1497: multiple vulnerabilities in the web-based management interface that allow an unauthenticated remote attacker to perform command injection against the device. Affected product/version per public advisories: Cisco HyperFl...

CVSS 10 | AI score 9.9 | EPSS 0.99928
In wild
CVE
added 2021/05/06 12:41 p.m. | 1095 views

CVE-2021-1498

Cisco HyperFlex HX Data Platform contains unauthenticated command injection vulnerabilities in its web-based management interface that could allow a remote attacker to execute arbitrary commands on the affected device. Evidence from multiple sources identifies CVE-2021-1498 as a remote command ex...

CVSS 9.8 | AI score 9.9 | EPSS 0.99999
In wild
CVE
added 2023/09/06 5:10 p.m. | 227 views

CVE-2023-20263

CVE-2023-20263 affects Cisco HyperFlex HX Data Platform, specifically the web-based management interface. The issue arises from improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and potentially redirect th...

CVSS 6.1 | AI score 6.2 | EPSS 0.0048
In wild
CVE
added 2021/05/06 12:41 p.m. | 114 views

CVE-2021-1499

Cisco HyperFlex HX Data Platform is affected by an unauthenticated arbitrary file upload vulnerability in the web-based management interface. The issue arises from missing authentication on the /upload endpoint, allowing an attacker to upload files with the permissions of the Tomcat user (tomcat8...

CVSS 5.3 | AI score 5.3 | EPSS 0.80426
Web
CVE
added 2019/02/21 7:0 p.m. | 61 views

CVE-2019-1664

Cisco HyperFlex HX-Series is affected by an unauthenticated root-access vulnerability in the hxterm service. An unauthenticated, local attacker could connect to hxterm as a non-privileged user and gain root access to all member nodes in the cluster. Affected releases are prior to 3.5(2a). Cisco p...

CVSS 8.1 | AI score 7.9 | EPSS 0.00334
CVE
added 2017/11/16 7:0 a.m. | 60 views

CVE-2017-12315

CVE-2017-12315 affects Cisco HyperFlex System: the vulnerability is in the system logging path during replication configuration, where sensitive information is not properly masked in log files. An authenticated, local attacker (administrative user) could view restricted information in the system ...

CVSS 6 | AI score 5.6 | EPSS 0.00326
CVE
added 2019/08/08 7:30 a.m. | 58 views

CVE-2019-1958

The CVE-2019-1958 entry concerns Cisco HyperFlex Software. The vulnerability affects the web-based management interface and is caused by insufficient CSRF protections, enabling an unauthenticated, remote attacker to induce CSRF via social engineering (tricking a user to follow a malicious link). ...

CVSS 8.8 | AI score 6.7 | EPSS 0.006
CVE
added 2018/10/05 2:0 p.m. | 56 views

CVE-2018-15423

CVE-2018-15423 affects the web UI of Cisco HyperFlex Software. The vulnerability stems from insufficient input validation of iFrame data in HTTP requests, allowing an unauthenticated, remote attacker to affect device integrity via a clickjacking attack. Details from multiple sources (including Ci...

CVSS 4.7 | AI score 4.8 | EPSS 0.00922
CVE
added 2018/10/05 2:0 p.m. | 55 views

CVE-2018-15382

CVE-2018-15382 (Cisco HyperFlex): A static signing key present in all Cisco HyperFlex systems enables an unauthenticated attacker to generate valid, signed session tokens and access the HyperFlex Web UI on other systems. Connected sources indicate affected software prior to 3.5(1a) and describe t...

CVSS 8.6 | AI score 8.6 | EPSS 0.01281
CVE
added 2018/10/05 2:0 p.m. | 55 views

CVE-2018-15429

The CVE-2018-15429 issue affects Cisco HyperFlex HX Data Platform Software and stems from improper input validation and lack of proper authorization in the web-based UI. An unauthenticated, remote attacker could exploit via malicious HTTP requests to access files containing sensitive data (partia...

CVSS 5.3 | AI score 5.2 | EPSS 0.01116
CVE
added 2019/02/21 7:0 p.m. | 55 views

CVE-2019-1665

Cisco HyperFlex web-based management interface suffers a stored XSS vulnerability (CVE-2019-1665) due to insufficient validation of user input. Affected versions: prior to 3.5(1a). An unauthenticated, remote attacker can lure a user into clicking a malicious link, enabling execution of arbitrary ...

CVSS 6.1 | AI score 5.2 | EPSS 0.01094
CVE
added 2019/02/21 7:0 p.m. | 55 views

CVE-2019-1666

CVE-2019-1666 is a vulnerability in the Graphite service of Cisco HyperFlex software where an unauthenticated, remote attacker could retrieve statistics data due to insufficient authentication controls. Affected versions are prior to 3.5(2a). The impact is data exposure from the Graphite service;...

CVSS 5.3 | AI score 5.4 | EPSS 0.02208
CVE
added 2019/02/20 11:0 p.m. | 50 views

CVE-2018-15380

Cisco HyperFlex Software contains a vulnerability in the cluster service manager due to insufficient input validation. An unauthenticated, adjacent attacker can connect to the cluster service manager and inject commands into the bound process, enabling execution of commands on the affected host a...

CVSS 8.8 | AI score 8.9 | EPSS 0.01133
CVE
added 2019/02/21 8:0 p.m. | 50 views

CVE-2019-1667

CVE-2019-1667 describes a vulnerability in the Graphite interface of Cisco HyperFlex software where an authenticated, local attacker can write arbitrary data to Graphite due to insufficient authorization controls. A successful exploit could cause invalid statistics to be presented in the Graphite...

CVSS 4 | AI score 4 | EPSS 0.00174
CVE
added 2018/10/05 2:0 p.m. | 49 views

CVE-2018-15407

CVE-2018-15407 affects Cisco HyperFlex Software. Root cause: during installation, residual installation files are not properly cleaned up, enabling a local, authenticated attacker to read sensitive information about system configuration. The vulnerability is information disclosure via accessible ...

CVSS 5.5 | AI score 5.1 | EPSS 0.00286