Cloudcnm Secumanager Security Vulnerabilities and Issues — Cloudcnm Secumanager CVE List

Lucene search

ZyxelCloudcnm Secumanager

21 matches found

CVE•added 2022/09/29 3:15 a.m.•1701 views

CVE-2020-15341

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.

7.5CVSS7.6AI score0.00817EPSS

CVE•added 2022/09/29 3:15 a.m.•1634 views

CVE-2020-15345

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.

5.3CVSS5.4AI score0.00423EPSS

CVE•added 2022/09/29 3:15 a.m.•1630 views

CVE-2020-15344

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.

5.3CVSS5.4AI score0.00437EPSS

CVE•added 2022/09/29 3:15 a.m.•1622 views

CVE-2020-15343

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.

5.3CVSS5.4AI score0.00437EPSS

CVE•added 2022/09/29 3:15 a.m.•1615 views

CVE-2020-15342

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.

5.3CVSS5.4AI score0.00373EPSS

CVE•added 2022/09/29 3:15 a.m.•1534 views

CVE-2020-15346

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.

5.3CVSS5.3AI score0.00547EPSS

CVE•added 2022/09/29 3:15 a.m.•34 views

CVE-2020-15331

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.

9.8CVSS9.4AI score0.00558EPSS

CVE•added 2022/09/29 3:15 a.m.•33 views

CVE-2020-15330

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.

5.3CVSS5.3AI score0.00343EPSS

CVE•added 2022/09/29 3:15 a.m.•33 views

CVE-2020-15332

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.

9.8CVSS9.4AI score0.00422EPSS

CVE•added 2022/09/29 3:15 a.m.•33 views

CVE-2020-15347

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.

9.8CVSS9.6AI score0.00999EPSS

CVE•added 2022/09/29 3:15 a.m.•32 views

CVE-2020-15327

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.

7.5CVSS7.5AI score0.00526EPSS

CVE•added 2022/09/29 3:15 a.m.•32 views

CVE-2020-15337

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.

5.3CVSS5.4AI score0.00492EPSS

CVE•added 2022/09/29 3:15 a.m.•31 views

CVE-2020-15328

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.

5.3CVSS5.3AI score0.00492EPSS

CVE•added 2022/09/29 3:15 a.m.•30 views

CVE-2020-15334

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.

5.3CVSS5.5AI score0.00585EPSS

CVE•added 2022/09/29 3:15 a.m.•30 views

CVE-2020-15338

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.

5.3CVSS5.4AI score0.00492EPSS

CVE•added 2022/09/29 3:15 a.m.•29 views

CVE-2020-15326

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.

5.3CVSS5.3AI score0.00559EPSS

CVE•added 2022/09/29 3:15 a.m.•29 views

CVE-2020-15333

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.

5.3CVSS5.2AI score0.00918EPSS

CVE•added 2022/09/29 3:15 a.m.•28 views

CVE-2020-15339

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.

6.1CVSS6.3AI score0.00687EPSS

CVE•added 2022/09/29 3:15 a.m.•28 views

CVE-2020-15340

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.

7.5CVSS7.5AI score0.00377EPSS

CVE•added 2022/09/29 3:15 a.m.•27 views

CVE-2020-15325

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.

5.3CVSS5.3AI score0.00343EPSS

CVE•added 2022/09/29 3:15 a.m.•24 views

CVE-2020-15329

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.

5.3CVSS5.3AI score0.00492EPSS