Vulnerabilities > Cisco > Hyperflex HX Data Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-20263 | Open Redirect vulnerability in Cisco Hyperflex HX Data Platform 5.0/5.5 A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. | 6.1 |
| 2021-05-06 | CVE-2021-1497 | OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform 4.0(2A) Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. | 9.8 |
| 2021-05-06 | CVE-2021-1498 | OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. | 9.8 |
| 2021-05-06 | CVE-2021-1499 | Missing Authentication for Critical Function vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. | 5.3 |
| 2019-08-08 | CVE-2019-1958 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.8 |
| 2019-02-21 | CVE-2019-1667 | Incorrect Authorization vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. | 2.1 |
| 2019-02-21 | CVE-2019-1666 | Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. | 5.0 |
| 2019-02-21 | CVE-2019-1665 | Cross-site Scripting vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 4.3 |
| 2019-02-21 | CVE-2019-1664 | Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. | 7.2 |
| 2019-02-20 | CVE-2018-15380 | OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform 3.0(1A)/3.5(1A) A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. | 8.3 |