Skyboxsecurity » Skybox Manager Client Application : Security Vulnerabilities, CVEs,
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-10-03
Updated
2019-10-03
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.
Max CVSS
3.3
EPSS Score
0.04%
Published
2017-10-03
Updated
2017-10-11
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-03
Updated
2017-10-11
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-03
Updated
2017-10-11
4 vulnerabilities found