VYPR

Provisioning Manager Engine (pme)

by Akkadian

CVEs (4)

  • CVE-2021-31580HigJul 22, 2021
    risk 0.57cvss 8.7epss 0.03

    The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and…

  • CVE-2020-27362HigJul 1, 2021
    risk 0.57cvss 8.8epss 0.01

    An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges.

  • CVE-2021-31579HigJul 22, 2021
    risk 0.53cvss 8.2epss 0.01

    Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager…

  • CVE-2021-31581HigJul 22, 2021
    risk 0.51cvss 7.9epss 0.01

    The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version…