3 matches found
CVE-2024-3543
CVE-2024-3543 concerns Kemp LoadMaster components where a reversible password encryption method can be used to decrypt stored passwords. The underlying issue is that sensitive credentials can be decrypted by an attacker, enabling use of stolen credentials for arbitrary actions that could compromi...
CVE-2024-3544
CVE-2024-3544 concerns Kemp LoadMaster in HA/Cluster partner communications. The vulnerability allows unauthenticated attackers who share network access to the affected machine to perform actions using SSH private keys. Root cause is insufficient authentication between partners during communicati...
CVE-2024-2449
CVE-2024-2449 describes a cross-site request forgery in Kemp LoadMaster. An authenticated LoadMaster administrator, who knows the IP/hostname, can be lured to a malicious site where a CSRF payload issues HTTP transactions on behalf of the admin. The core impact is unauthorized actions performed i...