
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API. • https://www.arista.com/en/support/advisories-notices https://www.arista.com/en/support/advisories-notices/security-advisories/11706-security-advisory-51 •

CVSS: 7.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. • http://www.openwall.com/lists/oss-security/2020/06/08/1 https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 https://github.com/kravietz/pam_tacplus/issues/149 https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html https://usn.ubuntu.com/4521-1 https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. • https://www.arista.com/en/support/advisories-notices https://www.arista.com/en/support/advisories-notices/security-advisories/5432-security-advisory-35 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. • http://www.securityfocus.com/bid/94635 https://www.arista.com/en/support/advisories-notices/security-advisories/2116-security-advisory-27 • CWE-264: Permissions, Privileges, and Access Controls •