Vulnerabilities > Ecos > System Management Appliance > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-17 CVE-2018-12335 Incorrect Permission Assignment for Critical Resource vulnerability in Ecos System Management Appliance 5.2.68
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.
low complexity
ecos CWE-732
7.3
7.3
2018-06-17 CVE-2018-12331 Authentication Bypass by Spoofing vulnerability in Ecos System Management Appliance 5.2.68
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment."
network
high complexity
ecos CWE-290
7.4
7.4