Singapore uncovers four critical vulnerabilities in Riverbed software
Singapore's Cyber Security Group, an agency charged with securing the nation's cyberspace, has uncovered four critical flaws in code from network software company Riverbed.
The vulnerable application is SteelCentral AppInternals, formerly referred to as AppInternals Xpert, provided by Riverbed's Aternity division.
Along with two others, Kang found a total of seven bugs while testing Riverbed's wares, with four of these rated as critical, all within the AppInternals' Dynamic Sampling Agent.
The four critical vulnerabilities are listed as CVE-2021-42786, CVE-2021-42787, CVE-2021-42853, and CVE-2021-42854.
"Riverbed worked with the research team on the assessment, identification, and mitigation of the vulnerabilities as they were discovered, evaluated, and validated," Wayne Loveless, CISO at Riverbed, told The Register.
"Product engineering and security teams have security assessment and testing processes integrated into our software development lifecycle. Updates were made available as part of Riverbed customer support services via the support portal."
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/11/riverbed_vulnerabilities/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2021-42854 | Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. | 9.8 |
2022-03-10 | CVE-2021-42853 | Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. | 9.8 |
2022-03-10 | CVE-2021-42787 | Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. | 9.8 |
2022-03-10 | CVE-2021-42786 | Improper Input Validation vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. | 9.8 |