15 matches found
CVE-2021-1497
CVE-2021-1497 covers multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX Data Platform (Cisco HyperFlex HX) that allow an unauthenticated remote attacker to perform command injection against the device. Affected product/version per public advisories: Cisco HyperFl...
CVE-2021-1498
Cisco HyperFlex HX Data Platform contains unauthenticated command injection vulnerabilities in its web-based management interface that could allow a remote attacker to execute arbitrary commands on the affected device. Evidence from multiple sources identifies CVE-2021-1498 as a remote command ex...
CVE-2023-20263
CVE-2023-20263 affects Cisco HyperFlex HX Data Platform, specifically the web-based management interface. The issue arises from improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and potentially redirect th...
CVE-2021-1499
Cisco HyperFlex HX Data Platform is affected by an unauthenticated arbitrary file upload vulnerability in the web-based management interface. The issue arises from missing authentication on the /upload endpoint, allowing an attacker to upload files with the permissions of the Tomcat user (tomcat8...
CVE-2019-1664
Cisco HyperFlex HX-Series is affected by an unauthenticated root-access vulnerability in the hxterm service. An unauthenticated, local attacker could connect to hxterm as a non-privileged user and gain root access to all member nodes in the cluster. Affected releases are prior to 3.5(2a). Cisco p...
CVE-2017-12315
CVE-2017-12315 affects Cisco HyperFlex System: the vulnerability is in the system logging path during replication configuration, where sensitive information is not properly masked in log files. An authenticated, local attacker (administrative user) could view restricted information in the system ...
CVE-2019-1958
The CVE-2019-1958 entry concerns Cisco HyperFlex Software. The vulnerability affects the web-based management interface and is caused by insufficient CSRF protections, enabling an unauthenticated, remote attacker to induce CSRF via social engineering (tricking a user into following a malicious link). ...
CVE-2018-15423
CVE-2018-15423 affects the web UI of Cisco HyperFlex Software. The vulnerability stems from insufficient input validation of iFrame data in HTTP requests, allowing an unauthenticated, remote attacker to affect device integrity via a clickjacking attack. Details from multiple sources (including Ci...
CVE-2018-15382
CVE-2018-15382 (Cisco HyperFlex): A static signing key present in all Cisco HyperFlex systems enables an unauthenticated attacker to generate valid, signed session tokens and access the HyperFlex Web UI on other systems. Connected sources indicate affected software prior to 3.5(1a) and describe t...
CVE-2018-15429
The CVE-2018-15429 issue affects Cisco HyperFlex HX Data Platform Software and stems from improper input validation and lack of proper authorization in the web-based UI. An unauthenticated, remote attacker could exploit via malicious HTTP requests to access files containing sensitive data (partia...
CVE-2019-1665
The Cisco HyperFlex web-based management interface suffers from a stored XSS vulnerability (CVE-2019-1665) due to insufficient validation of user input. Affected versions: prior to 3.5(1a). An unauthenticated, remote attacker can lure a user into clicking a malicious link, enabling execution of arbitrary ...
CVE-2019-1666
CVE-2019-1666 is a vulnerability in the Graphite service of Cisco HyperFlex software where an unauthenticated, remote attacker could retrieve statistics data due to insufficient authentication controls. Affected versions are prior to 3.5(2a). The impact is data exposure from the Graphite service;...
CVE-2018-15380
Cisco HyperFlex Software contains a vulnerability in the cluster service manager due to insufficient input validation. An unauthenticated, adjacent attacker can connect to the cluster service manager and inject commands into the bound process, enabling execution of commands on the affected host a...
CVE-2019-1667
CVE-2019-1667 describes a vulnerability in the Graphite interface of Cisco HyperFlex software where an authenticated, local attacker can write arbitrary data to Graphite due to insufficient authorization controls. A successful exploit could cause invalid statistics to be presented in the Graphite...
CVE-2018-15407
CVE-2018-15407 affects Cisco HyperFlex Software. Root cause: during installation, residual installation files are not properly cleaned up, enabling a local, authenticated attacker to read sensitive information about system configuration. The vulnerability is information disclosure via accessible ...