Vulnerabilities > Riverbed > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2021-42855 Incorrect Permission Assignment for Critical Resource vulnerability in Riverbed SteelCentral AppInternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a JSON string that contains a list of IDs and pre-configured commands.
local
low complexity
riverbed CWE-732
4.6
2022-03-10 CVE-2021-42856 Cross-site Scripting vulnerability in Riverbed SteelCentral AppInternals Dynamic Sampling Agent 10.0.0
It was discovered that the /DsaDataTest endpoint is susceptible to a cross-site scripting (XSS) attack.
network
riverbed CWE-79
4.3
2022-03-10 CVE-2021-42857 Path Traversal vulnerability in Riverbed SteelCentral AppInternals Dynamic Sampling Agent 10.0.0
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API.
network
low complexity
riverbed CWE-22
5.0
2020-07-27 CVE-2020-15592 Path Traversal vulnerability in Riverbed SteelCentral Aternity Agent
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file.
network
low complexity
riverbed CWE-22
5.0
2017-08-26 CVE-2017-7693 Path Traversal vulnerability in Riverbed OPNET App Response Xpert 9.6.1
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.
network
low complexity
riverbed CWE-22
6.8
2017-04-04 CVE-2017-7306 Weak Password Requirements vulnerability in Riverbed RiOS
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number.
high complexity
riverbed CWE-521
6.4
2017-04-04 CVE-2017-7305 Weak Password Requirements vulnerability in Riverbed RiOS
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot.
low complexity
riverbed CWE-521
4.6
2014-08-19 CVE-2014-5348 Cross-site Scripting vulnerability in Riverbed SteelApp Traffic Manager 9.6
Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter.
network
riverbed CWE-79
4.3