Vulnerabilities > Riverbed > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-42855 | Incorrect Permission Assignment for Critical Resource vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0 It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. | 4.6 |
| 2022-03-10 | CVE-2021-42856 | Cross-site Scripting vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0 It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. | 4.3 |
| 2022-03-10 | CVE-2021-42857 | Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0 It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. | 5.0 |
| 2020-07-27 | CVE-2020-15592 | Path Traversal vulnerability in Riverbed Steelcentral Aternity Agent SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. | 5.0 |
| 2017-08-26 | CVE-2017-7693 | Path Traversal vulnerability in Riverbed Opnet APP Response Xpert 9.6.1 Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | 6.8 |
| 2017-04-04 | CVE-2017-7306 | Weak Password Requirements vulnerability in Riverbed Rios Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. | 6.4 |
| 2017-04-04 | CVE-2017-7305 | Weak Password Requirements vulnerability in Riverbed Rios Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. | 4.6 |
| 2014-08-19 | CVE-2014-5348 | Cross-Site Scripting vulnerability in Riverbed Steelapp Traffic Manager 9.6 Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter. | 4.3 |