Skip to main content

Unity Orchestrator

6 CVEs product

Monthly

CVE-2020-12147 HIGH This Week

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-12146 HIGH This Week

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Orchestrator
NVD
CVSS 3.1
8.8
EPSS
27.6%
CVE-2020-12145 CRITICAL Act Now

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unity Orchestrator
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2020-12144 MEDIUM This Month

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2020-12143 MEDIUM This Month

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2020-12142 MEDIUM This Month

1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.7%
EPSS 1% CVSS 8.8
HIGH This Week

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Orchestrator
NVD
EPSS 28% CVSS 8.8
HIGH This Week

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Orchestrator
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unity Orchestrator
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure +22
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure +22
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure +22
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy