Akkadianlabs Ova Appliance vulnerabilities
3 known vulnerabilities affecting akkadianlabs/ova_appliance.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-31580P3CRITICALCVSS 9.8fixed in 3.02021-07-22
CVE-2021-31580 [CRITICAL] CWE-78 CVE-2021-31580: The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switc
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Applia
nvd
CVE-2021-31579P3CRITICALCVSS 9.8fixed in 3.02021-07-22
CVE-2021-31579 [CRITICAL] CWE-798 CVE-2021-31579: Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadi
Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
nvd
CVE-2021-31581P4MEDIUMCVSS 4.4PoCfixed in 3.02021-07-22
CVE-2021-31581 [MEDIUM] CWE-269 CVE-2021-31581: The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusin
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and A
nvd