Vulnerabilities > Infoblox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2022-28975 | Cross-site Scripting vulnerability in Infoblox Nios 8.5.2409296 A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. | 5.4 |
| 2023-08-25 | CVE-2023-37249 | Unspecified vulnerability in Infoblox Nios Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. | 8.8 |
| 2023-02-17 | CVE-2022-32972 | Uncontrolled Search Path Element vulnerability in Infoblox Bloxone Endpoint 2.3.2 Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | 7.8 |
| 2021-06-28 | CVE-2020-15303 | XML Entity Expansion vulnerability in Infoblox Nios Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. | 6.5 |
| 2019-06-17 | CVE-2018-10239 | Permissions, Privileges, and Access Controls vulnerability in Infoblox Nios A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. | 6.7 |
| 2018-08-28 | CVE-2018-6643 | Cross-site Scripting vulnerability in Infoblox Netmri 7.1.1 Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. | 6.1 |
| 2017-01-23 | CVE-2016-6484 | CRLF Injection vulnerability in Infoblox Netmri CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. | 6.1 |