Unrated severityNVD Advisory· Published Nov 5, 2020· Updated Sep 17, 2024

Silver Peak Unity OrchestratorTM subject to path traversal.

CVE-2020-12146

Description

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.

Affected products

Silver Peak/Unity Orchestratorllm-create2 versions
>=8.9 <8.9.11+ OR >=8.10 <8.10.11+ OR >=9.0 <9.0.1++ 1 more
- (no CPE)range: >=8.9 <8.9.11+ OR >=8.10 <8.10.11+ OR >=9.0 <9.0.1+
- (no CPE)range: All versions affected prior to Silver Peak Unity Orchestrator 8.9.11+

Patches

Vulnerability mechanics

References

www.silver-peak.com/support/user-documentation/security-advisoriesmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000