Vulnerabilities (CVE)

Filtered by vendor Versa-networks Subscribe
Filtered by product Versa Analytics
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-25030 1 Versa-networks 3 Versa Analytics, Versa Director, Versa Operating System 2024-11-21 2.1 LOW 5.5 MEDIUM
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.
CVE-2018-16497 1 Versa-networks 1 Versa Analytics 2024-11-21 7.2 HIGH 7.8 HIGH
In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.