Vulnerabilities > Arista > Cloudvision Portal > 2018.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-22 | CVE-2020-24333 | Unspecified vulnerability in Arista Cloudvision Portal A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API. | 6.5 |
| 2020-06-06 | CVE-2020-13881 | Information Exposure Through Log Files vulnerability in multiple products In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | 7.5 |
| 2019-12-19 | CVE-2019-18181 | Unspecified vulnerability in Arista Cloudvision Portal In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. | 7.8 |
| 2019-10-24 | CVE-2019-17596 | Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. | 7.5 |
| 2019-08-15 | CVE-2018-12357 | Incorrect Permission Assignment for Critical Resource vulnerability in Arista Cloudvision Portal Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | 6.5 |