15 matches found
CVE-2022-4304
CVE-2022-4304 describes a timing-based side‑channel in OpenSSL’s RSA decryption implementation that could allow recovering plaintext over the network via a Bleichenbacher‑style attack. It affects all RSA padding modes (PKCS#1 v1.5, RSA‑OAEP, and RSASVE). The connected Astra Linux bulletin reprodu...
CVE-2023-23561
Summary: CVE-2023-23561 affects Stormshield Endpoint Security, versions 2.3.0–2.3.2, due to an incorrect access control that lets authenticated users read sensitive information. The issue is a local, low-complexity access control flaw (AV:L/AC:L/PR:L) with HIGH confidentiality impact and no integ...
CVE-2021-31225
CVE-2021-31225 affects Stormshield SES Evolution prior to 2.1.0. The issue allows deleting resources not currently in use by any security policy by leveraging access to a computer with the administration console installed. The impact relates to resource deletion with partial integrity and availab...
CVE-2023-23562
CVE-2023-23562 affects Stormshield Endpoint Security versions 2.3.0 through 2.3.2. The underlying issue is an Incorrect Access Control that allows an authenticated user to update global parameters. Documents consistently describe the vulnerability without providing a confirmed remediation in the ...
CVE-2021-31221
The vulnerability CVE-2021-31221 affects Stormshield SES Evolution prior to version 2.1.0. Affected component is the SES Evolution security policy handling, where an attacker with access to a workstation running the administration console can delete parts of the security policy due to a likely au...
CVE-2021-45090
CVE-2021-45090 affects Stormshield Endpoint Security; versions before 2.1.2 are vulnerable to remote code execution. The root cause is improper handling of externally entered data when constructing code segments. Impact is remote code execution with high confidentiality, integrity, and availabili...
CVE-2023-35800
CVE-2023-35800 affects Stormshield Endpoint Security Evolution versions 2.0.0–2.4.2. The issue is an insecure ACL on the SES Evolution agent directory containing GUI-displayed logs, allowing interactive users to read data reserved for administrators. The vulnerability’s impact is limited to infor...
CVE-2021-31220
CVE-2021-31220 affects Stormshield SES Evolution prior to 2.1.0. A processing logic error allows a user with read-only privileges to modify security policies, i.e., the vulnerability enables policy changes despite limited access. Affected products/versions are: SES Evolution
CVE-2021-31223
CVE-2021-31223 affects SES Evolution (French Stormshield) before version 2.1.0. An unauthorized read of parts of a security policy is possible when an infected computer has the administration console installed, enabling a local/near-local attacker to access policy details. The root cause is an ac...
CVE-2021-35957
CVE-2021-35957 affects Stormshield Endpoint Security Evolution 2.0.0–2.0.2. The issue is a local-privilege concern where an attacker with local access can replace Visual C++ runtime DLLs in %WINDIR%\system32 with malicious versions, undermining the intended defense. Root cause: insufficient prote...
CVE-2021-31224
The connected Red Hat advisory confirms CVE-2021-31224 affects SES Evolution prior to version 2.1.0. The vulnerability allows a user with read-only access to security policies to duplicate an existing policy, effectively bypassing intended policy immutability. The root cause is a permission/logic...
CVE-2021-45089
CVE-2021-45089 affects Stormshield Endpoint Security 2.x (pre-2.1.2) due to Incorrect Access Control. Root cause: improper access control in the product, enabling potential impact on availability. CVSSv3.1 base metrics indicate Avatar: Adjacent, Privileges Required: Low, User Interaction Required...
CVE-2021-45091
The CVE-2021-45091 entry concerns Stormshield Endpoint Security, versions 2.1.0 through 2.1.1, with an incorrect access control vulnerability. Available connected documents confirm the affected product and version range but do not disclose technical details about the root cause, specific componen...
CVE-2023-35799
Affected product: Stormshield Endpoint Security Evolution (SES Evolution) agent. Vulnerability: Insecure permissions allow an interactive user to use the SES Evolution agent to create arbitrary files with local system privileges. Versions affected: 2.0.0 through 2.3.2. Root cause/impact: Local pr...
CVE-2021-31222
CVE-2021-31222 affects Stormshield SES Evolution prior to 2.1.0. The issue is an authorization flaw that, when an administrator console is accessible, allows updating some security policies on the target system. Impact is defined as the ability to modify policy settings via a compromised access p...