Vulnerabilities > Stormshield > Endpoint Security > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-27 | CVE-2023-35799 | Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. | 5.5 |
| 2023-06-27 | CVE-2023-35800 | Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. | 4.3 |
| 2023-05-31 | CVE-2023-23562 | Unspecified vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. | 4.3 |
| 2023-05-30 | CVE-2023-23561 | Unspecified vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | 5.5 |
| 2023-02-08 | CVE-2022-4304 | Information Exposure Through Discrepancy vulnerability in multiple products A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. | 5.9 |
| 2021-12-21 | CVE-2021-45091 | Unspecified vulnerability in Stormshield Endpoint Security 2.1.0/2.1.1 Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | 4.0 |
| 2021-07-13 | CVE-2021-35957 | Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | 4.6 |
| 2021-07-13 | CVE-2021-31225 | Unspecified vulnerability in Stormshield Endpoint Security SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | 4.3 |