Lucene search
K
Silver-peakUnity Orchestrator

6 matches found

CVE
CVE
added 2020/05/05 7:54 p.m.80 views

CVE-2020-12142

CVE-2020-12142 affects the EdgeConnect appliance. An admin user with shell access can retrieve IPSec UDP key material (IPSec seed and nonce) via CLI, REST APIs, or the Linux shell, enabling potential decryption of in-flight traffic. The issue requires administrative access and is described across...

4.9CVSS5AI score0.00722EPSS
CVE
CVE
added 2020/05/05 7:53 p.m.77 views

CVE-2020-12143

The CVE-2020-12143 issue arises from failure to validate the certificate used to identify Orchestrator to EdgeConnect devices, allowing an attacker to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Affected product context centers on EdgeConnect/Orchestrator interaction...

6CVSS5.2AI score0.00338EPSS
CVE
CVE
added 2020/05/05 7:54 p.m.66 views

CVE-2020-12144

CVE-2020-12144 describes a trust-management vulnerability in Silver Peak EdgeConnect where the certificate used to identify the Cloud Portal to EdgeConnect devices is not validated. This allows establishing a TLS connection from EdgeConnect to an untrusted portal, potentially enabling man-in-the-...

6CVSS5.2AI score0.00338EPSS
CVE
CVE
added 2020/11/05 6:50 p.m.47 views

CVE-2020-12147

CVE-2020-12147 affects Silver Peak Unity Orchestrator. An authenticated user can issue unauthorized MySQL queries against the Orchestrator database through the /sqlExecution REST API. Affected versions: prior to 8.9.11+, 8.10.11+, or 9.0.1+. Documentation notes that patches are available to remed...

8.8CVSS7.4AI score0.01457EPSS
CVE
CVE
added 2020/11/05 6:51 p.m.37 views

CVE-2020-12146

CVE-2020-12146 concerns Silver Peak Unity Orchestrator path traversal via the /debugFiles REST API. An authenticated user can access, modify, and delete restricted files on the Orchestrator server. Affected versions are pre-8.9.11+, 8.10.11+, and 9.0.1+. ThreatPost notes that patches exist, and S...

8.8CVSS7.5AI score0.27569EPSS
CVE
CVE
added 2020/11/05 6:48 p.m.35 views

CVE-2020-12145

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ are affected by CVE-2020-12145, which allows login via HTTP Host header spoofing to localhost. The vulnerability stems from authenticating REST API calls from localhost using the host header, enabling an attacker to byp...

9.8CVSS7.9AI score0.06047EPSS