3 matches found
CVE-2018-18864
Loadbalancer.org Enterprise VA MAX before 8.3.3 is affected by an Unauthenticated Stored XSS in the Apache logs. The PacktStorm entry details two vulnerability paths: (1) input from Basic Auth username stored in the Apache Error Log (HTTPS only), and (2) injected JavaScript via URLs (/?) stored i...
CVE-2020-13377
Summary: CVE-2020-13377 affects Loadbalancer.org Enterprise VA MAX (up to version 8.3.8). The web-services interface is vulnerable to a directory traversal flaw that an authenticated, remote, low-privileged attacker can exploit to read and write sensitive files. What’s affected: Loadbalancer.org ...
CVE-2020-13378
CVE-2020-13378 affects Loadbalancer.org Enterprise VA MAX up to version 8.3.8. The issue is an OS command injection in the appliance that could allow a remote authenticated attacker to execute arbitrary code. CVSS v3.1 base score 8.8 (HIGH) with network access, low attack complexity, and privileg...