CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26553
https://notcve.org/view.php?id=CVE-2020-26553
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. Se detectó un problema en Aviatrix Controller versiones anteriores a R6.0.2483. Varias API contienen funciones que permiten cargar archivos en el árbol web • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26552
https://notcve.org/view.php?id=CVE-2020-26552
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. Se detectó un problema en Aviatrix Controller versiones anteriores a R6.0.2483. Múltiples archivos ejecutables, que implementan endpoints de API, no requieren una ID de sesión válida para acceder • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26551
https://notcve.org/view.php?id=CVE-2020-26551
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. Se detectó un problema en Aviatrix Controller versiones anteriores a R5.3.1151. Los valores de clave cifrados son almacenados en un archivo legible • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26550
https://notcve.org/view.php?id=CVE-2020-26550
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. Se detectó un problema en Aviatrix Controller versiones anteriores a R5.3.1151. Un archivo cifrado que contiene credenciales para sistemas no relacionados está protegido por una clave de tres caracteres • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26549
https://notcve.org/view.php?id=CVE-2020-26549
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. Se detectó un problema en Aviatrix Controller versiones anteriores a R5.4.1290. El mecanismo de protección htaccess para impedir peticiones a directorios puede ser omitido para una descarga de archivos • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-552: Files or Directories Accessible to External Parties •