Vulnerabilities > XEN Orchestra
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-12 | CVE-2021-36383 | Unspecified vulnerability in Xen-Orchestra Xo-Server and Xo-Web Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. | 4.3 |