SSL VPN
by Portwise
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-20109 | Hig | 0.64 | — | 0.01 | Aug 21, 2025 | Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to… | ||
| CVE-2025-34047 | Hig | 0.57 | — | 0.00 | Jun 26, 2025 | A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient… | ||
| CVE-2022-50800 | Hig | 0.49 | 7.5 | 0.00 | Dec 30, 2025 | H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between… | ||
| CVE-2010-0703 | 0.03 | — | 0.02 | Feb 23, 2010 | Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter. | |||
| CVE-2022-35416 | 0.01 | — | 0.03 | Jul 11, 2022 | H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. |
- risk 0.64cvss —epss 0.01
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to…
- risk 0.57cvss —epss 0.00
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient…
- risk 0.49cvss 7.5epss 0.00
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between…
- CVE-2010-0703Feb 23, 2010risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.
- CVE-2022-35416Jul 11, 2022risk 0.01cvss —epss 0.03
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.