Vulnerabilities > Cisco > Hyperflex HX Data Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2023-20263 | Open Redirect vulnerability in Cisco Hyperflex HX Data Platform 5.0/5.5 A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. | 6.1 |
| 2021-05-06 | CVE-2021-1499 | Missing Authentication for Critical Function vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. | 5.3 |
| 2019-02-21 | CVE-2019-1666 | Improper Authentication vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. | 5.3 |
| 2019-02-21 | CVE-2019-1665 | Cross-site Scripting vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 6.1 |
| 2018-10-05 | CVE-2018-15429 | Missing Authorization vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. | 5.3 |
| 2018-10-05 | CVE-2018-15423 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. | 4.7 |
| 2018-10-05 | CVE-2018-15407 | Incomplete Cleanup vulnerability in Cisco Hyperflex HX Data Platform 3.0(1A) A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. | 5.5 |
| 2017-11-16 | CVE-2017-12315 | Information Exposure vulnerability in Cisco Hyperflex HX Data Platform 2.6(1A) A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. | 6.0 |