Vulnerabilities > Silver Peak > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-05 | CVE-2020-12144 | Improper Certificate Validation vulnerability in Silver-Peak products The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. | 4.9 |
| 2020-05-05 | CVE-2020-12143 | Improper Certificate Validation vulnerability in Silver-Peak products The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | 4.9 |
| 2020-05-05 | CVE-2020-12142 | Exposure of Resource to Wrong Sphere vulnerability in Silver-Peak products 1. | 4.9 |
| 2019-09-08 | CVE-2019-16105 | Path Traversal vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644 Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. | 4.9 |
| 2019-09-08 | CVE-2019-16104 | Cross-site Scripting vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644 Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | 6.1 |
| 2019-09-08 | CVE-2019-16101 | Information Exposure Through an Error Message vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644 Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. | 5.3 |