NotCVE - vendor:"Aviatrix" product:"Controller" version:"5.3.1516"

Page 2 of 12 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2020-13414

https://notcve.org/view.php?id=CVE-2020-13414

22 May 2020 — An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1204. Contiene credenciales no utilizadas por el software. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code • CWE-798: Use of Hard-coded Credentials •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-13416

https://notcve.org/view.php?id=CVE-2020-13416

22 May 2020 — An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1066. No es requerido un parámetro session token de Controller Web Interface en una llamada API, lo que abre la aplicación a una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) p... • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#csrf-on-password-reset • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2