Skyboxsecurity » Skybox Manager Client Application : Security Vulnerabilities, CVEs,

CVE-2017-14773

Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-10-03
Updated
2019-10-03

CVE-2017-14772

Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.
Max CVSS
3.3
EPSS Score
0.04%
Published
2017-10-03
Updated
2017-10-11

CVE-2017-14771

Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-03
Updated
2017-10-11

CVE-2017-14770

Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-03
Updated
2017-10-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close