Cisco Hyperflex Hx Data Platform vulnerabilities
6 known vulnerabilities affecting cisco/cisco_hyperflex_hx_data_platform.
Total CVEs
6
CISA KEV
2
actively exploited
Public exploits
3
Exploited in wild
2
Severity breakdown
CRITICAL2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-20263MEDIUMCVSS 6.1v4.0(1a)v4.0(1b)+17 more2023-09-06
CVE-2023-20263 [MEDIUM] CWE-601 CVE-2023-20263: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allo
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click
cvelistv5nvd
CVE-2021-1498CRITICALCVSS 9.8KEVPoCvn/a2021-05-06
CVE-2021-1498 [CRITICAL] CWE-78 CVE-2021-1498: Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
cvelistv5nvd
CVE-2021-1497CRITICALCVSS 9.8KEVPoCvn/a2021-05-06
CVE-2021-1497 [CRITICAL] CWE-78 CVE-2021-1497: Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
cvelistv5nvd
CVE-2021-1499MEDIUMCVSS 5.3PoCvn/a2021-05-06
CVE-2021-1499 [MEDIUM] CWE-306 CVE-2021-1499: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allo
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected devi
cvelistv5nvd
CVE-2020-3389MEDIUMCVSS 4.4vn/a2020-08-26
CVE-2020-3389 [MEDIUM] CWE-310 CVE-2020-3389: A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an a
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticati
cvelistv5nvd
CVE-2018-15429MEDIUMCVSS 5.3vn/a2018-10-05
CVE-2018-15429 [MEDIUM] CWE-20 CVE-2018-15429: A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unau
A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request
cvelistv5nvd