4 matches found
CVE-2021-1497
Cisco HyperFlex HX Data Platform (Cisco HyperFlex HX) contains CVE-2021-1497: multiple vulnerabilities in the web-based management interface that allow an unauthenticated remote attacker to perform command injection against the device. Affected product/version per public advisories: Cisco HyperFl...
CVE-2021-1498
Cisco HyperFlex HX Data Platform contains unauthenticated command injection vulnerabilities in its web-based management interface that could allow a remote attacker to execute arbitrary commands on the affected device. Evidence from multiple sources identifies CVE-2021-1498 as a remote command ex...
CVE-2021-1499
Cisco HyperFlex HX Data Platform is affected by an unauthenticated arbitrary file upload vulnerability in the web-based management interface. The issue arises from missing authentication on the /upload endpoint, allowing an attacker to upload files with the permissions of the Tomcat user (tomcat8...
CVE-2019-1958
The CVE-2019-1958 entry concerns Cisco HyperFlex Software. The vulnerability affects the web-based management interface and is caused by insufficient CSRF protections, enabling an unauthenticated, remote attacker to induce CSRF via social engineering (tricking a user to follow a malicious link). ...