CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2CVE-2025-34112 – Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
https://notcve.org/view.php?id=CVE-2025-34112
15 Jul 2025 — An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the '/index.php?page=licenses' endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers conf... • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-266: Incorrect Privilege Assignment CWE-306: Missing Authentication for Critical Function •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34098 – Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
https://notcve.org/view.php?id=CVE-2025-34098
10 Jul 2025 — A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files ... • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/riverbed_steelhead_vcx_file_read.rb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-43271
https://notcve.org/view.php?id=CVE-2021-43271
03 Jun 2022 — Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided cor... • https://supportkb.riverbed.com/support/index?page=content&id=S35806 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42854 – Directory Traversal Read/Write/Delete at PluginServlet
https://notcve.org/view.php?id=CVE-2021-42854
09 Mar 2022 — It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. Se ha detectado que el PluginServlet del agente de muestreo dinámico (DSA) de SteelCentral AppInternals presenta vulnerabilidades de salto de directorio en la API "/api/appInternals/1.0/plugin/pmx". El ... • https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Read-Write-Delete-at-PluginServlet-CVE-2021-42854 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42856 – Reflected Cross-site Scripting at DsaDataTest
https://notcve.org/view.php?id=CVE-2021-42856
09 Mar 2022 — It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability. Se ha detectado que el endpoint /DsaDataTest es susceptible de sufrir un ataque de tipo cross-site scripting (XSS). Se ha detectado que el parámetro Metric no presenta ninguna comprobación de entrada en la entrada del usuario que p... • https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42787 – Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet
https://notcve.org/view.php?id=CVE-2021-42787
09 Mar 2022 — It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. Se ha detectado que el agente de muestreo dinámico (DSA) AgentConfigurationServlet de SteelCentral AppInternals presenta vulnerabilidades salto de directorio en la API "/api/appInte... • https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42857 – Directory Traversal Partial Write at AgentDaServlet
https://notcve.org/view.php?id=CVE-2021-42857
09 Mar 2022 — It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected. Se ha detectado que el agente de muestreo dinámico (DSA) AgentDaServlet de SteelCentral AppInternals presenta vulnerabilidades de salto de directorio en la API "/api/appInternals/1.0/agent/da/pcf". El endp... • https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42855 – Local privilege escalation due to misconfigured write permission on .debug_command.config file
https://notcve.org/view.php?id=CVE-2021-42855
09 Mar 2022 — It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed. Se ha detectado que el agente de muestreo dinámico (DSA) de SteelCentral AppInternals usa el archivo ".debug_command.config" para almacenar una cadena json que con... • https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855 • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-42786 – Remote Code Execution at AgentControllerServlet
https://notcve.org/view.php?id=CVE-2021-42786
09 Mar 2022 — It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected. Se ha detectado que el agente de muestreo dinámico (DSA) de SteelCentral AppInternals presenta vulnerabilidades de ejecución de código remota en varias instancias de las peticiones de la API. Los puntos finales afectados... • https://aternity.force.com/customersuccess/s/article/Remote-Code-Execution-at-AgentControllerServlet-CVE-2021-42786 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42853 – Directory Traversal Delete/Read at AgentDiagnosticServlet
https://notcve.org/view.php?id=CVE-2021-42853
09 Mar 2022 — It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. Se ha detectado que el agente de muestreo dinámico (DSA) AgentDiagnosticServlet de SteelCentral AppInternals presenta una vulnerabilidad salto de directorio en la API "/api/appInternal... • https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •