Lucene search
K
StormshieldEndpoint Security

15 matches found

CVE
CVE
added 2023/02/08 7:4 p.m.923 views

CVE-2022-4304

CVE-2022-4304 describes a timing-based side‑channel in OpenSSL’s RSA decryption implementation that could allow recovering plaintext over the network via a Bleichenbacher‑style attack. It affects all RSA padding modes (PKCS#1 v1.5, RSA‑OAEP, and RSASVE). The connected Astra Linux bulletin reprodu...

5.9CVSS6.9AI score0.16195EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.58 views

CVE-2023-23561

Summary: CVE-2023-23561 affects Stormshield Endpoint Security, versions 2.3.0–2.3.2, due to an incorrect access control that lets authenticated users read sensitive information. The issue is a local, low-complexity access control flaw (AV:L/AC:L/PR:L) with HIGH confidentiality impact and no integ...

5.5CVSS5.4AI score0.00147EPSS
CVE
CVE
added 2021/07/13 12:57 p.m.57 views

CVE-2021-31225

CVE-2021-31225 affects Stormshield SES Evolution prior to 2.1.0. The issue allows deleting resources not currently in use by any security policy by leveraging access to a computer with the administration console installed. The impact relates to resource deletion with partial integrity and availab...

7.3CVSS7.1AI score0.00333EPSS
CVE
CVE
added 2023/05/31 12:0 a.m.57 views

CVE-2023-23562

CVE-2023-23562 affects Stormshield Endpoint Security versions 2.3.0 through 2.3.2. The underlying issue is an Incorrect Access Control that allows an authenticated user to update global parameters. Documents consistently describe the vulnerability without providing a confirmed remediation in the ...

4.3CVSS4.7AI score0.00407EPSS
CVE
CVE
added 2021/07/13 1:31 p.m.54 views

CVE-2021-31221

The vulnerability CVE-2021-31221 affects Stormshield SES Evolution prior to version 2.1.0. Affected component is the SES Evolution security policy handling, where an attacker with access to a workstation running the administration console can delete parts of the security policy due to a likely au...

5.7CVSS5.6AI score0.00487EPSS
CVE
CVE
added 2021/12/21 3:17 p.m.54 views

CVE-2021-45090

CVE-2021-45090 affects Stormshield Endpoint Security; versions before 2.1.2 are vulnerable to remote code execution. The root cause is improper handling of externally entered data when constructing code segments. Impact is remote code execution with high confidentiality, integrity, and availabili...

10CVSS9.8AI score0.02927EPSS
CVE
CVE
added 2023/06/27 12:0 a.m.53 views

CVE-2023-35800

CVE-2023-35800 affects Stormshield Endpoint Security Evolution versions 2.0.0–2.4.2. The issue is an insecure ACL on the SES Evolution agent directory containing GUI-displayed logs, allowing interactive users to read data reserved for administrators. The vulnerability’s impact is limited to infor...

4.3CVSS4.4AI score0.00385EPSS
CVE
CVE
added 2021/07/13 1:15 p.m.50 views

CVE-2021-31220

CVE-2021-31220 affects Stormshield SES Evolution prior to 2.1.0. A processing logic error allows a user with read-only privileges to modify security policies, i.e., the vulnerability enables policy changes despite limited access. Affected products/versions are: SES Evolution

5.2CVSS5.2AI score0.00304EPSS
CVE
CVE
added 2021/07/13 1:19 p.m.50 views

CVE-2021-31223

CVE-2021-31223 affects SES Evolution (French Stormshield) before version 2.1.0. An unauthorized read of parts of a security policy is possible when an infected computer has the administration console installed, enabling a local/near-local attacker to access policy details. The root cause is an ac...

5.7CVSS5.6AI score0.00607EPSS
CVE
CVE
added 2021/07/13 1:5 p.m.49 views

CVE-2021-35957

CVE-2021-35957 affects Stormshield Endpoint Security Evolution 2.0.0–2.0.2. The issue is a local-privilege concern where an attacker with local access can replace Visual C++ runtime DLLs in %WINDIR%\system32 with malicious versions, undermining the intended defense. Root cause: insufficient prote...

6.7CVSS6.4AI score0.00251EPSS
CVE
CVE
added 2021/07/13 1:10 p.m.47 views

CVE-2021-31224

The connected Red Hat advisory confirms CVE-2021-31224 affects SES Evolution prior to version 2.1.0. The vulnerability allows a user with read-only access to security policies to duplicate an existing policy, effectively bypassing intended policy immutability. The root cause is a permission/logic...

3.5CVSS4.2AI score0.00329EPSS
CVE
CVE
added 2021/12/21 3:15 p.m.44 views

CVE-2021-45089

CVE-2021-45089 affects Stormshield Endpoint Security 2.x (pre-2.1.2) due to Incorrect Access Control. Root cause: improper access control in the product, enabling potential impact on availability. CVSSv3.1 base metrics indicate Avatar: Adjacent, Privileges Required: Low, User Interaction Required...

5.2CVSS5.3AI score0.00279EPSS
CVE
CVE
added 2021/12/21 3:10 p.m.44 views

CVE-2021-45091

The CVE-2021-45091 entry concerns Stormshield Endpoint Security, versions 2.1.0 through 2.1.1, with an incorrect access control vulnerability. Available connected documents confirm the affected product and version range but do not disclose technical details about the root cause, specific componen...

4.3CVSS4.7AI score0.00553EPSS
CVE
CVE
added 2023/06/27 12:0 a.m.44 views

CVE-2023-35799

Affected product: Stormshield Endpoint Security Evolution (SES Evolution) agent. Vulnerability: Insecure permissions allow an interactive user to use the SES Evolution agent to create arbitrary files with local system privileges. Versions affected: 2.0.0 through 2.3.2. Root cause/impact: Local pr...

5.5CVSS5.5AI score0.0019EPSS
CVE
CVE
added 2021/07/13 1:27 p.m.42 views

CVE-2021-31222

CVE-2021-31222 affects Stormshield SES Evolution prior to 2.1.0. The issue is an authorization flaw that, when an administrator console is accessible, allows updating some security policies on the target system. Impact is defined as the ability to modify policy settings via a compromised access p...

5.7CVSS5.6AI score0.00459EPSS