CVSS: 8.4EPSS: 1%CPEs: 1EXPL: 0CVE-2024-8755 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-8755
11 Oct 2024 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue ... • https://support.kemptechnologies.com/hc/en-us/articles/30297374715661-LoadMaster-Security-Vulnerability-CVE-2024-8755 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3544 – LoadMaster Hardcoded SSH Key
https://notcve.org/view.php?id=CVE-2024-3544
02 May 2024 — Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. Los atacantes no autenticados pueden realizar acciones utilizando claves privadas SSH conociendo la dirección IP y teniendo acceso a la mis... • https://kemptechnologies.com • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3543 – LoadMaster Reversible Password Encryption Algorithm
https://notcve.org/view.php?id=CVE-2024-3543
02 May 2024 — Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. El uso de un algoritmo de cifrado de contraseña reversible permite a los atacantes descifrar contraseñas. El atacante puede descifrar fácilmente la información confidencial y las credenciales robadas pueden usarse para acciones arbitrarias que corrompan el sistema. • https://kemptechnologies.com • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 8.8EPSS: 13%CPEs: 1EXPL: 3CVE-2014-5287 – Kemp Load Master 7.1.16 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5287
03 Apr 2015 — A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). Existe una vulnerabilidad de inyección de script Bash en Kemp Load Master versión 7.1-16 y anteriores, debido a un fallo en el saneamiento de la entrada en la Interfaz de Usuario Web (WUI). Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. • https://packetstorm.news/files/id/131284 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •