Skip to main content

Ova Appliance

3 CVEs product

Monthly

CVE-2021-31581 MEDIUM POC This Month

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ova Appliance Provisioning Manager
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2021-31580 CRITICAL POC Act Now

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Ova Appliance Provisioning Manager
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-31579 CRITICAL POC Act Now

Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ova Appliance Provisioning Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 4.4
MEDIUM POC This Month

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ova Appliance Provisioning Manager
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Ova Appliance +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ova Appliance Provisioning Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy