Stormshield Network Security vulnerabilities
3 known vulnerabilities affecting stormshield/network_security.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-22703MEDIUMCVSS 5.5≥ 2.0.0, < 2.1.1≥ 3.0.0, < 3.0.22022-01-17
CVE-2022-22703 [MEDIUM] CWE-532 CVE-2022-22703: In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.
nvd
CVE-2021-45885HIGHCVSS 7.5≥ 4.2.2, < 4.2.82021-12-29
CVE-2021-45885 [HIGH] CWE-613 CVE-2021-45885: An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8).
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.
nvd
CVE-2021-28665HIGHCVSS 7.5≥ 3.0.0, < 3.7.182021-05-06
CVE-2021-28665 [HIGH] CWE-401 CVE-2021-28665: Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.
nvd