RSS   Vulnerabilities for
'Skybox manager client application'
   RSS

2017-10-02
 
CVE-2017-14773

CWE-noinfo
 

 
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.

 
 
CVE-2017-14772

 

 
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.

 
 
CVE-2017-14771

 

 
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application.

 
 
CVE-2017-14770

 

 
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.

 

 >>> Vendor: Skyboxsecurity 3 Products
Skybox view appliance iso
Skybox view appliance
Skybox manager client application


Copyright 2024, cxsecurity.com

 

Back to Top