CVSS: 7.9EPSS: 0%CPEs: 3EXPL: 1CVE-2021-31581 – Akkadian Provisioning Manager Engine (PME) Shell Escape via 'vi' editor interface
https://notcve.org/view.php?id=CVE-2021-31581
22 Jul 2021 — The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). El shell restringido proporcionado por Akkadian Provisioning Manager Engine (PME) puede ser escapado al ... • https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure • CWE-269: Improper Privilege Management CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2021-31580 – Akkadian Provisioning Manager Engine (PME) Shell Escape via 'exec' command
https://notcve.org/view.php?id=CVE-2021-31580
22 Jul 2021 — The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). El shell restringido proporcionado por Akkadian Provisioning Manager Engine (PME) puede ser omitido cambiando el canal ... • https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-31579 – Akkadian Provisioning Manager Engine (PME) Hard-Coded Credentials
https://notcve.org/view.php?id=CVE-2021-31579
22 Jul 2021 — Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). Akkadian Provisioning Manager Engine (PME) se envía con una credencial embebida, akkadianuser:haakkadianpassword. Este problema fue resuelto en Akkadian OVA appliance versiones 3.0 (y posteriores), Akkadian Provisi... • https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27362
https://notcve.org/view.php?id=CVE-2020-27362
01 Jul 2021 — An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges. Se presenta un problema en la consola SSH de Akkadian Provisioning Manager versión 4.50.02, que permite a un usuario poco privilegiado escapar del editor de archivos de configuración web y escalar privilegios • https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2020-27361
https://notcve.org/view.php?id=CVE-2020-27361
01 Jul 2021 — An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. Se presenta un problema en Akkadian Provisioning Manager versión 4.50.02, que permite a atacantes visualizar información confidencial dentro de los subdirectorios /pme • https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE • CWE-668: Exposure of Resource to Wrong Sphere •