Skybox Manager Client Application
by Skybox
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14773 | Hig | 0.51 | 7.8 | 0.00 | Oct 3, 2017 | Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker. | ||
| CVE-2017-14771 | Med | 0.36 | 5.5 | 0.00 | Oct 3, 2017 | Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can… | ||
| CVE-2017-14770 | Med | 0.36 | 5.5 | 0.00 | Oct 3, 2017 | Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process. | ||
| CVE-2017-14772 | Low | 0.21 | 3.3 | 0.00 | Oct 3, 2017 | Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts. |
- risk 0.51cvss 7.8epss 0.00
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.
- risk 0.36cvss 5.5epss 0.00
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can…
- risk 0.36cvss 5.5epss 0.00
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.
- risk 0.21cvss 3.3epss 0.00
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.