Latest Stormshield Endpoint Security Vulnerabilities

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interac...
Stormshield Endpoint Security>=2.0.0<=2.4.2
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.
Stormshield Endpoint Security>=2.0.0<=2.3.2
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user to update global parameters.
Stormshield Endpoint Security>=2.3.0<2.4.1
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information.
Stormshield Endpoint Security>=2.3.0<2.4.1
Timing Oracle in RSA Decryption
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el7
redhat/edk2<0:20220126gitbb1bba3d77-4.el8
redhat/openssl<1:1.1.1k-9.el8_7
redhat/edk2<0:20220126gitbb1bba3d77-2.el8_6.1
redhat/openssl<1:1.1.1k-9.el8_6
and 31 more
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
Stormshield Endpoint Security=2.1.0
Stormshield Endpoint Security=2.1.1
Stormshield Endpoint Security before 2.1.2 allows remote code execution.
Stormshield Endpoint Security>=2.0.0<2.1.2
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.
Stormshield Endpoint Security>=2.0.0<=2.0.2
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.
Stormshield Endpoint Security>=2.0.0<=2.0.2
SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.
Stormshield Endpoint Security>=2.0.0<=2.0.2
SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.
Stormshield Endpoint Security>=2.0.0<=2.0.2
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.
Stormshield Endpoint Security>=2.0.0<=2.0.2
Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) wit...
Stormshield Endpoint Security>=2.0.0<=2.0.2

© 2024 SecAlerts Pty Ltd.