Описание
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected.
Уязвимые конфигурации
Конфигурация 1Версия от 11.0.0 (включая) до 11.8.8 (исключая)Версия от 12.0.0 (включая) до 12.13.0 (исключая)
Одно из
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01457
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
CWE-20
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected.
EPSS
Процентиль: 80%
0.01457
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
CWE-20