Filtered by vendor Skyboxsecurity
Subscribe
Filtered by product Skybox Manager Client Application
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14773 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker. | |||||
CVE-2017-14772 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts. | |||||
CVE-2017-14771 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application. | |||||
CVE-2017-14770 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process. |