CVE-2022-46783
https://notcve.org/view.php?id=CVE-2022-46783
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book. • https://advisories.stormshield.eu https://advisories.stormshield.eu/2022-029 • CWE-326: Inadequate Encryption Strength •
CVE-2020-11711
https://notcve.org/view.php?id=CVE-2020-11711
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. • https://advisories.stormshield.eu/2020-011 https://twitter.com/_ACKNAK_ https://www.digitemis.com/category/blog/actualite • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-27932
https://notcve.org/view.php?id=CVE-2021-27932
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-004 •
CVE-2022-46782
https://notcve.org/view.php?id=CVE-2022-46782
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user who is only able to launch the VPNSSL Client can use the OpenVPN instance to execute malicious code as administrator on the local machine. • https://advisories.stormshield.eu/2022-028 •
CVE-2023-35799
https://notcve.org/view.php?id=CVE-2023-35799
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges. • https://advisories.stormshield.eu https://advisories.stormshield.eu/2023-022 • CWE-732: Incorrect Permission Assignment for Critical Resource •