Hyperflex Hx Data Platform@3.0(1a) Security Vulnerabilities and Issues — Hyperflex Hx Data Platform@3.0(1a) CVE List

Lucene search

CiscoHyperflex Hx Data Platform3.0(1a)

9 matches found

CVE•added 2019/02/21 7:29 p.m.•47 views

CVE-2019-1664

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxter...

8.1CVSS7.9AI score0.00398EPSS

CVE•added 2018/10/05 2:29 p.m.•45 views

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An ...

4.7CVSS4.8AI score0.00105EPSS

CVE•added 2019/02/21 7:29 p.m.•43 views

CVE-2019-1665

A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient valid...

6.1CVSS5.2AI score0.00124EPSS

CVE•added 2019/02/21 7:29 p.m.•41 views

CVE-2019-1666

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests ...

5.3CVSS5.4AI score0.01589EPSS

CVE•added 2018/10/05 2:29 p.m.•40 views

CVE-2018-15382

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static...

8.6CVSS8.6AI score0.00676EPSS

CVE•added 2019/02/21 8:0 p.m.•40 views

CVE-2019-1667

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Gr...

4CVSS4AI score0.00028EPSS

CVE•added 2019/02/20 11:29 p.m.•37 views

CVE-2018-15380

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster ser...

8.8CVSS8.9AI score0.00165EPSS

CVE•added 2018/10/05 2:29 p.m.•37 views

CVE-2018-15407

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installa...

5.5CVSS5.1AI score0.00061EPSS

CVE•added 2018/10/05 2:29 p.m.•37 views

CVE-2018-15429

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit th...

5.3CVSS5.2AI score0.00385EPSS