CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28127
https://notcve.org/view.php?id=CVE-2021-28127
01 Jul 2021 — An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. Se ha detectado un problema en Stormshield SNS versiones hasta 4.2.1. Puede ocurrir un ataque de fuerza bruta • https://advisories.stormshield.eu • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8430
https://notcve.org/view.php?id=CVE-2020-8430
13 Apr 2020 — Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. Los dispositivos Stormshield Network Security versión 310 3.7.10, presentan una vulnerabilidad de Redireccionamiento Abierto de auth/lang.html?rurl= en el portal cautivo. • https://advisories.stormshield.eu/2020-001 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20850
https://notcve.org/view.php?id=CVE-2018-20850
04 Jul 2019 — Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. Stormshield Network Security versión 2.0.0 hasta la versión 2.13.0 y versión 3.0.0 hasta la versión 3.7.1 tiene self-XSS en la interfaz de línea de comandos del servidor web SNS. • https://advisories.stormshield.eu/2018-006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •