Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Controller
(Aviatrix)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-11-17 | CVE-2020-26551 | An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. | Controller | 7.5 | ||
| 2020-05-22 | CVE-2020-13416 | An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. | Controller | N/A | ||
| 2020-05-22 | CVE-2020-13415 | An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. | Controller | N/A | ||
| 2020-05-22 | CVE-2020-13412 | An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. | Controller | N/A |