CVSS: 7.9EPSS: 0%CPEs: 3EXPL: 1CVE-2021-31581 – Akkadian Provisioning Manager Engine (PME) Shell Escape via 'vi' editor interface
https://notcve.org/view.php?id=CVE-2021-31581
22 Jul 2021 — The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). El shell restringido proporcionado por Akkadian Provisioning Manager Engine (PME) puede ser escapado al ... • https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure • CWE-269: Improper Privilege Management CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2021-31580 – Akkadian Provisioning Manager Engine (PME) Shell Escape via 'exec' command
https://notcve.org/view.php?id=CVE-2021-31580
22 Jul 2021 — The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). El shell restringido proporcionado por Akkadian Provisioning Manager Engine (PME) puede ser omitido cambiando el canal ... • https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-31579 – Akkadian Provisioning Manager Engine (PME) Hard-Coded Credentials
https://notcve.org/view.php?id=CVE-2021-31579
22 Jul 2021 — Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). Akkadian Provisioning Manager Engine (PME) se envía con una credencial embebida, akkadianuser:haakkadianpassword. Este problema fue resuelto en Akkadian OVA appliance versiones 3.0 (y posteriores), Akkadian Provisi... • https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure • CWE-798: Use of Hard-coded Credentials •