Vulnerabilities > Silver Peak > Unity Orchestrator
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-05 | CVE-2020-12147 | Path Traversal vulnerability in Silver-Peak Unity Orchestrator In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing. | 6.5 |
| 2020-11-05 | CVE-2020-12146 | Path Traversal vulnerability in Silver-Peak Unity Orchestrator In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API. | 6.5 |
| 2020-11-05 | CVE-2020-12145 | Improper Authentication vulnerability in Silver-Peak Unity Orchestrator Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. | 7.5 |
| 2020-05-05 | CVE-2020-12144 | Improper Certificate Validation vulnerability in Silver-Peak products The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. | 4.9 |
| 2020-05-05 | CVE-2020-12143 | Improper Certificate Validation vulnerability in Silver-Peak products The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | 4.9 |
| 2020-05-05 | CVE-2020-12142 | Exposure of Resource to Wrong Sphere vulnerability in Silver-Peak products 1. | 4.9 |