Vulnerabilities > Arista > Cloudvision Portal > 2018.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-22 | CVE-2020-24333 | Improper Authentication vulnerability in Arista Cloudvision Portal A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API. | 4.0 |
| 2020-06-06 | CVE-2020-13881 | Information Exposure Through Log Files vulnerability in multiple products In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | 4.3 |
| 2019-12-19 | CVE-2019-18181 | Unspecified vulnerability in Arista Cloudvision Portal In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. | 4.6 |
| 2019-12-19 | CVE-2019-18615 | Insufficiently Protected Credentials vulnerability in Arista Cloudvision Portal 2018.2.0/2018.2.3 In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. | 3.5 |
| 2019-10-24 | CVE-2019-17596 | Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. | 7.5 |