LoadMaster
by Kemp
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1212 | Cri | 0.88 | 10.0 | 0.95 | KEV | Feb 21, 2024 | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | |
| CVE-2024-7591 | Cri | 0.69 | 10.0 | 0.44 | Sep 5, 2024 | Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above | ||
| CVE-2024-2448 | Hig | 0.59 | 8.4 | 0.55 | Mar 22, 2024 | An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. | ||
| CVE-2024-2449 | Hig | 0.50 | 7.5 | 0.13 | Mar 22, 2024 | A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a… | ||
| CVE-2023-29929 | Hig | 0.49 | 7.5 | 0.01 | Aug 21, 2024 | Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library. | ||
| CVE-2024-3544 | Hig | 0.49 | 7.5 | 0.00 | May 2, 2024 | Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require… |
- risk 0.88cvss 10.0epss 0.95
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
- risk 0.69cvss 10.0epss 0.44
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above
- risk 0.59cvss 8.4epss 0.55
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
- risk 0.50cvss 7.5epss 0.13
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a…
- risk 0.49cvss 7.5epss 0.01
Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require…