Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Versa-networks Security Vulnerabilities

cve
cve

CVE-2018-16494

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa s...

8.8CVSS

8.9AI Score

0.001EPSS

2021-05-26 07:15 PM
15
4
cve
cve

CVE-2018-16495

In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap...

8.8CVSS

8.8AI Score

0.001EPSS

2021-05-26 07:15 PM
19
4
cve
cve

CVE-2018-16496

In Versa Director, the un-authentication request found.

5.3CVSS

5.3AI Score

0.001EPSS

2021-05-26 07:15 PM
21
cve
cve

CVE-2018-16497

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are...

7.8CVSS

7.9AI Score

0.0004EPSS

2021-05-26 07:15 PM
23
cve
cve

CVE-2018-16498

In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.

5.5CVSS

5.5AI Score

0.0004EPSS

2021-05-26 07:15 PM
17
cve
cve

CVE-2018-16499

In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).

5.9CVSS

5.7AI Score

0.001EPSS

2021-05-26 07:15 PM
16
cve
cve

CVE-2019-25029

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a ...

9.8CVSS

9.8AI Score

0.006EPSS

2021-05-26 07:15 PM
23
cve
cve

CVE-2019-25030

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cra...

5.5CVSS

5.5AI Score

0.0004EPSS

2021-05-26 07:15 PM
20
6
cve
cve

CVE-2021-39285

A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack.

6.1CVSS

5.9AI Score

0.001EPSS

2021-09-07 01:15 PM
23