Deception Security Vulnerabilities and Issues — Deception CVE List

Lucene search

FidelissecurityDeception

4 matches found

CVE•added 2021/06/25 12:15 p.m.•50 views

CVE-2021-35049

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated sessi...

9.9CVSS9.1AI score0.03366EPSS

CVE•added 2021/06/25 12:15 p.m.•44 views

CVE-2021-35048

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions ...

9.8CVSS10AI score0.00785EPSS

CVE•added 2021/06/25 12:15 p.m.•41 views

CVE-2021-35050

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions...

7.5CVSS6.8AI score0.00307EPSS

CVE•added 2021/06/25 12:15 p.m.•40 views

CVE-2021-35047

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deceptio...

9.9CVSS8.8AI score0.00894EPSS