Skip to main content

Concerto

2 CVEs product

Monthly

CVE-2025-34026 CRITICAL POC KEV THREAT Emergency

Versa Concerto SD-WAN orchestration platform contains an authentication bypass in Traefik reverse proxy configuration, exposing Actuator endpoints with heap dumps and trace logs.

Authentication Bypass Concerto
NVD
CVSS 4.0
9.2
EPSS
75.1%
Threat
7.1
CVE-2021-31930 MEDIUM This Month

Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concerto
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
EPSS 75% 7.1 CVSS 9.2
CRITICAL POC KEV THREAT Emergency

Versa Concerto SD-WAN orchestration platform contains an authentication bypass in Traefik reverse proxy configuration, exposing Actuator endpoints with heap dumps and trace logs.

Authentication Bypass Concerto
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concerto
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy