Vulnerabilities > Cisco > Hyperflex HX Data Platform > 3.0.1a
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2021-1498 | OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. | 9.8 |
| 2021-05-06 | CVE-2021-1499 | Missing Authentication for Critical Function vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. | 5.3 |
| 2019-08-08 | CVE-2019-1958 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.8 |
| 2019-02-21 | CVE-2019-1667 | Incorrect Authorization vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. | 2.1 |
| 2019-02-21 | CVE-2019-1666 | Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. | 5.0 |
| 2019-02-21 | CVE-2019-1665 | Cross-site Scripting vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 4.3 |
| 2019-02-21 | CVE-2019-1664 | Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. | 7.2 |
| 2019-02-20 | CVE-2018-15380 | OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform 3.0(1A)/3.5(1A) A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. | 8.3 |
| 2018-10-05 | CVE-2018-15429 | Missing Authorization vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. | 5.0 |
| 2018-10-05 | CVE-2018-15423 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. | 4.3 |