VYPR

Manager Platform

by Atos

CVEs (4)

  • CVE-2020-25094Dec 17, 2020
    risk 0.01cvss epss 0.03

    LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run…

  • CVE-2023-45356Oct 9, 2023
    risk 0.00cvss epss 0.01

    Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform…

  • CVE-2020-25095Dec 17, 2020
    risk 0.00cvss epss 0.01

    LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim…

  • CVE-2020-25096Dec 17, 2020
    risk 0.00cvss epss 0.01

    LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication…