Product:

Cloudcnm_secumanager

(Zyxel)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 35
Date Id Summary Products Score Patch Annotated
2022-09-29 CVE-2020-15331 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. Cloudcnm_secumanager 9.8
2022-09-29 CVE-2020-15332 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. Cloudcnm_secumanager 9.8
2022-09-29 CVE-2020-15333 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. Cloudcnm_secumanager 5.3
2022-09-29 CVE-2020-15334 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. Cloudcnm_secumanager 5.3
2022-09-29 CVE-2020-15337 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. Cloudcnm_secumanager 5.3
2022-09-29 CVE-2020-15338 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. Cloudcnm_secumanager 5.3
2022-09-29 CVE-2020-15339 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. Cloudcnm_secumanager 6.1
2022-09-29 CVE-2020-15340 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. Cloudcnm_secumanager 7.5
2022-09-29 CVE-2020-15341 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. Cloudcnm_secumanager 7.5
2022-09-29 CVE-2020-15342 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. Cloudcnm_secumanager 5.3