Fidelissecurity

Deception

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-35048

Exploit
  • EPSS 0.79%
  • Veröffentlicht 25.06.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:11:44

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is p...

8.8

CVE-2021-35049

Exploit
  • EPSS 3.37%
  • Veröffentlicht 25.06.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:11:44

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return resu...

7.5

CVE-2021-35050

Exploit
  • EPSS 0.31%
  • Veröffentlicht 25.06.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:11:45

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is ...