Vulnerabilities > Versa Networks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-39285 | Cross-site Scripting vulnerability in Versa-Networks Versa Director 16.1R2 A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. | 4.3 |
| 2021-05-26 | CVE-2018-16494 | Exposure of Resource to Wrong Sphere vulnerability in Versa-Networks Versa Operating System 20.2.0/21.1.0 In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. | 6.5 |
| 2021-05-26 | CVE-2018-16495 | Session Fixation vulnerability in Versa-Networks Versa Operating System 20.2.0/21.1.0 In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. | 6.5 |
| 2021-05-26 | CVE-2018-16496 | Improper Authentication vulnerability in Versa-Networks Versa Director In Versa Director, the un-authentication request found. | 5.0 |
| 2021-05-26 | CVE-2018-16497 | Improper Privilege Management vulnerability in Versa-Networks Versa Analytics In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. | 7.2 |
| 2021-05-26 | CVE-2018-16498 | Cleartext Storage of Sensitive Information vulnerability in Versa-Networks Versa Director In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. | 2.1 |
| 2021-05-26 | CVE-2018-16499 | Inadequate Encryption Strength vulnerability in Versa-Networks Versa Operating System In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. | 4.3 |
| 2021-05-26 | CVE-2019-25029 | Command Injection vulnerability in Versa-Networks Versa Director In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. | 10.0 |
| 2021-05-26 | CVE-2019-25030 | Insufficiently Protected Credentials vulnerability in Versa-Networks products In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. | 2.1 |