CVE-2022-22703
Stormshield SSO Agent 2.x (before 2.1.1) and 3.x (before 3.0.2) expose cleartext credentials because their installer .exe log files contain the user password and PSK. Root cause: sensitive data is written to log files during installation; impact is exposure of credentials via local logs. The prov...
CVE-2021-45885
Stormshield Network Security (SNS) versions 4.2.2–4.2.7 are affected by a password handling issue where the first SSH password change does not properly clear the old password during a specific update-migration scenario. This can impact confidentiality (as per CVSS 3.1 base score 7.5) and is mitig...
CVE-2021-28665
CVE-2021-28665 affects Stormshield SNS (Stormshield Network Security) prior to versions 3.7.18, 3.11.6 and 4.1.6. The vulnerability is a memory-management defect in the SNMP plugin that can cause excessive memory and CPU consumption, potentially leading to a denial of service. Public documentatio...