Vulnerabilities > Silver Peak > Unity Orchestrator > 8.9.2

DATE CVE VULNERABILITY TITLE RISK
2020-11-05 CVE-2020-12147 Path Traversal vulnerability in Silver-Peak Unity Orchestrator
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.
network
low complexity
silver-peak CWE-22
8.8
8.8
2020-11-05 CVE-2020-12146 Path Traversal vulnerability in Silver-Peak Unity Orchestrator
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.
network
low complexity
silver-peak CWE-22
8.8
8.8
2020-11-05 CVE-2020-12145 Improper Authentication vulnerability in Silver-Peak Unity Orchestrator
Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost.
network
low complexity
silver-peak CWE-287
critical
 9.8
9.8