Kemp
Products
5- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9091 | Cri | 0.64 | 9.8 | 0.03 | May 25, 2018 | A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges,… | ||
| CVE-2014-5287 | Hig | 0.61 | 8.8 | 0.08 | Jan 8, 2020 | A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | ||
| CVE-2014-5288 | Hig | 0.60 | 8.8 | 0.02 | Feb 7, 2020 | A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. | ||
| CVE-2017-15524 | Cri | 0.59 | 9.1 | 0.01 | Dec 19, 2017 | The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | ||
| CVE-2023-26100 | Med | 0.40 | 6.1 | 0.00 | Apr 21, 2023 | In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser. |
- risk 0.64cvss 9.8epss 0.03
A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges,…
- risk 0.61cvss 8.8epss 0.08
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
- risk 0.60cvss 8.8epss 0.02
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
- risk 0.59cvss 9.1epss 0.01
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.
- risk 0.40cvss 6.1epss 0.00
In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser.