Vulnerabilities > Riverbed > Steelcentral Appinternals Dynamic Sampling Agent

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2021-42786 Improper Input Validation vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests.
network
low complexity
riverbed CWE-20
critical
 9.8
9.8
2022-03-10 CVE-2021-42787 Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API.
network
low complexity
riverbed CWE-22
critical
 9.8
9.8
2022-03-10 CVE-2021-42853 Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API.
network
low complexity
riverbed CWE-22
critical
 9.8
9.8
2022-03-10 CVE-2021-42854 Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API.
network
low complexity
riverbed CWE-22
critical
 9.8
9.8
2022-03-10 CVE-2021-42855 Incorrect Permission Assignment for Critical Resource vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands.
local
low complexity
riverbed CWE-732
7.8
7.8
2022-03-10 CVE-2021-42856 Cross-site Scripting vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack.
network
low complexity
riverbed CWE-79
6.1
6.1
2022-03-10 CVE-2021-42857 Path Traversal vulnerability in Riverbed Steelcentral Appinternals Dynamic Sampling Agent 10.0.0/11.0.0/12.0.0
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API.
network
low complexity
riverbed CWE-22
5.3
5.3