CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5670 – Riverbed RiOS Insecure Cryptographic Storage
https://notcve.org/view.php?id=CVE-2017-5670
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. Riverbed RiOS hasta la versión 9.6.0 elimina la bóveda segura con el programa rm (no shred o srm), lo que facilita a los atacantes físicamente cercanos obtener información sensible leyendo bloques de disco en bruto. Riverbed RiOS suffers from an insecure cryptographic storage vulnerability. • http://seclists.org/fulldisclosure/2017/Feb/25 http://www.securityfocus.com/bid/96175 https://supportkb.riverbed.com/support/index?page=content&id=S30065 https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2014-5348
https://notcve.org/view.php?id=CVE-2014-5348
Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter. Vulnerabilidad de XSS en apps/zxtm/locallog.cgi en Riverbed Stingray (también conocido como SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro logfile. • http://seclists.org/fulldisclosure/2014/Aug/41 http://www.securityfocus.com/bid/69243 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •