Lucene search
+L
Versa-networksVersa Director

7 matches found

CVE
CVE
added 2024/08/22 6:47 p.m.145 views

CVE-2024-39717

Versa Director CVE-2024-39717: Unrestricted file upload via the Change Favicon feature is exposed to administrators (Provider-Data-Center-Admin/System-Admin) after authentication, allowing a .png file to masquerade as an image and potentially lead to remote code execution. Versa issued a security...

7.2CVSS6.9AI score0.04006EPSS
In wildWeb
CVE
CVE
added 2021/05/26 6:45 p.m.57 views

CVE-2019-25030

CVE-2019-25030 affects Versa Director, Versa Analytics and VOS. Passwords were stored without an adaptive hash or KDF, using Merkle-Damgard-based algorithms (e.g., MD5/SHA-1), enabling rainbow-table based cracking. The connected documents indicate the mitigation is to hash with adaptive algorithm...

5.5CVSS5.5AI score0.00216EPSS
CVE
CVE
added 2021/05/26 6:45 p.m.56 views

CVE-2019-25029

Versa Director is affected by a command injection vulnerability. The attack relies on unsafe user-supplied data being passed to a system shell, allowing execution of arbitrary commands with the privileges of the vulnerable application. Root cause: insufficient input validation. Impact is describe...

10CVSS9.8AI score0.02713EPSS
CVE
CVE
added 2021/09/07 12:40 p.m.52 views

CVE-2021-39285

Versa Director 16.1R2 Build S8 contains a cross-site scripting (XSS) vulnerability. An attacker can use the administration web interface URL to inject scripts. The CVE-2021-39285 entry documents this XSS issue; no explicit exploit details, affected component is Versa Director’s web interface, and...

6.1CVSS5.9AI score0.00775EPSS
CVE
CVE
added 2021/05/26 6:46 p.m.47 views

CVE-2018-16496

CVE-2018-16496 affects Versa Director. The issue arises from an unauthenticated request that allows an attacker to change log levels, indicating an authorization/configuration flaw. NVD metrics (CVSSv2/v3) show a Medium severity with network vector, low complexity and no authentication required; ...

5.3CVSS5.3AI score0.00742EPSS
CVE
CVE
added 2021/05/26 6:45 p.m.46 views

CVE-2018-16498

CVE-2018-16498 affects Versa Director where unencrypted backup files stored on the Versa deployment include credentials inside configuration files for components such as SNMP and SSL/Trust keystores. The root cause is plaintext credentials in backups, enabling potential exposure if backups are ac...

5.5CVSS5.5AI score0.00166EPSS
CVE
CVE
added 2025/06/18 11:30 p.m.31 views

CVE-2025-23168

The CVE-2025-23168 entry describes a vulnerability in Versa Director SD-WAN’s 2FA via OTP over email/SMS. The authenticated attacker can abuse untrusted input when dispatching OTPs to redirect delivery to their device, enabling interception of codes. OTP/TOTP codes are not invalidated after use, ...

8.8CVSS6.5AI score0.00345EPSS