Vulnerabilities > Stormshield

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-03-15 | CVE-2022-23989 | Unspecified vulnerability in Stormshield Network Security | In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. | network, low complexity, stormshield, 5.0 |
| 2022-02-10 | CVE-2021-31814 | Exposure of Resource to Wrong Sphere vulnerability in Stormshield Network Security | In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | local, low complexity, stormshield CWE-668, 3.6 |
| 2022-02-10 | CVE-2021-37613 | Unspecified vulnerability in Stormshield Network Security | Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | 2.9 |
| 2022-02-10 | CVE-2021-3398 | Integer Overflow or Wraparound vulnerability in Stormshield Network Security | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | network, low complexity, stormshield CWE-190, 5.0 |
| 2022-01-31 | CVE-2021-31617 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stormshield Network Security | In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | network, low complexity, stormshield CWE-119, 7.5 |
| 2022-01-31 | CVE-2021-28962 | Command Injection vulnerability in Stormshield Network Security | Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | network, low complexity, stormshield CWE-77, 6.5 |
| 2022-01-27 | CVE-2021-28096 | Allocation of Resources Without Limits or Throttling vulnerability in Stormshield Network Security | An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). | 4.3 |
| 2022-01-17 | CVE-2022-22703 | Information Exposure Through Log Files vulnerability in Stormshield Network Security 2.0.0/3.0.0 | In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. | local, low complexity, stormshield CWE-532, 2.1 |
| 2021-12-29 | CVE-2021-45885 | Insufficient Session Expiration vulnerability in Stormshield Network Security | An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). | 4.3 |
| 2021-12-21 | CVE-2021-45089 | Incorrect Authorization vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2/2.1.0 | Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | 2.3 |