
Singapore uncovers four critical vulnerabilities in Riverbed software
2022-03-11 22:49

Singapore's Cyber Security Group, an agency charged with securing the nation's cyberspace, has uncovered four critical flaws in code from network software company Riverbed.

The vulnerable application is SteelCentral AppInternals, formerly referred to as AppInternals Xpert, provided by Riverbed's Aternity division.

Along with two others, Kang found a total of seven bugs while testing Riverbed's wares, with four of these rated as critical, all within the AppInternals' Dynamic Sampling Agent.

The four critical vulnerabilities are listed as CVE-2021-42786, CVE-2021-42787, CVE-2021-42853, and CVE-2021-42854.

"Riverbed worked with the research team on the assessment, identification, and mitigation of the vulnerabilities as they were discovered, evaluated, and validated," Wayne Loveless, CISO at Riverbed, told The Register.

"Product engineering and security teams have security assessment and testing processes integrated into our software development lifecycle. Updates were made available as part of Riverbed customer support services via the support portal."


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/11/riverbed_vulnerabilities/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DETAILS | RISK |
|---|---|---|---|---|
| 2022-03-10 | CVE-2021-42854 | Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 | It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. | network, low complexity, riverbed, CWE-22, critical, 9.8 |
| 2022-03-10 | CVE-2021-42853 | Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 | It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. | network, low complexity, riverbed, CWE-22, critical, 9.8 |
| 2022-03-10 | CVE-2021-42787 | Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 | It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. | network, low complexity, riverbed, CWE-22, critical, 9.8 |
| 2022-03-10 | CVE-2021-42786 | Improper Input Validation vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 | It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. | network, low complexity, riverbed, CWE-20, critical, 9.8 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Riverbed | | 6 | 0 | 8 | 4 | 4 | 16 |