Vulnerabilities > Extremenetworks > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-05 CVE-2020-13819 Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24/8.5
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
network
low complexity
extremenetworks CWE-79
6.1
6.1
2020-08-04 CVE-2020-16847 Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24/8.5
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
network
low complexity
extremenetworks CWE-79
6.1
6.1
2020-08-03 CVE-2020-13820 Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
network
low complexity
extremenetworks CWE-79
6.1
6.1
2017-10-23 CVE-2017-14331 Unspecified vulnerability in Extremenetworks Extremexos
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.
local
low complexity
extremenetworks
6.7
6.7
2017-10-23 CVE-2017-14330 Improper Privilege Management vulnerability in Extremenetworks Extremexos
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.
local
low complexity
extremenetworks CWE-269
6.7
6.7
2017-10-23 CVE-2017-14329 Improper Privilege Management vulnerability in Extremenetworks Extremexos
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
local
low complexity
extremenetworks CWE-269
6.7
6.7
2017-10-23 CVE-2017-14327 Information Exposure vulnerability in Extremenetworks Extremexos
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.
local
low complexity
extremenetworks CWE-200
4.4
4.4