Vulnerabilities > Cisco > Hyperflex HX Data Platform > 2.6.1b

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-1498 OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
network
low complexity
cisco CWE-78
critical
 9.8
9.8
2021-05-06 CVE-2021-1499 Missing Authentication for Critical Function vulnerability in Cisco Hyperflex HX Data Platform
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device.
network
low complexity
cisco CWE-306
5.3
5.3
2019-08-08 CVE-2019-1958 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hyperflex HX Data Platform
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
cisco CWE-352
6.8
6.8
2019-02-21 CVE-2019-1667 Incorrect Authorization vulnerability in Cisco Hyperflex HX Data Platform
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface.
local
low complexity
cisco CWE-863
2.1
2.1
2019-02-21 CVE-2019-1666 Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform
A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service.
network
low complexity
cisco CWE-284
5.0
5.0
2019-02-21 CVE-2019-1665 Cross-site Scripting vulnerability in Cisco Hyperflex HX Data Platform
A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.
network
cisco CWE-79
4.3
4.3
2019-02-21 CVE-2019-1664 Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform
A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster.
local
low complexity
cisco CWE-284
7.2
7.2