VYPR

LoadMaster

by Kemp

CVEs (6)

  • CVE-2024-1212CriKEVFeb 21, 2024
    risk 0.88cvss 10.0epss 0.95

    Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

  • CVE-2024-7591CriSep 5, 2024
    risk 0.69cvss 10.0epss 0.44

    Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

  • CVE-2024-2448HigMar 22, 2024
    risk 0.59cvss 8.4epss 0.55

    An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.

  • CVE-2024-2449HigMar 22, 2024
    risk 0.50cvss 7.5epss 0.13

    A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a…

  • CVE-2023-29929HigAug 21, 2024
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library.

  • CVE-2024-3544HigMay 2, 2024
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require…