gigamon 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-0746 | The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting. | [email protected] | 6.3 | 0.35% | 2023-03-10 | 2024-11-21 |
| CVE-2020-23250 | GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database. | [email protected] | 2.3 | 0.20% | 2021-01-05 | 2024-11-21 |
| CVE-2020-23249 | GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. | [email protected] | 4.7 | 0.37% | 2021-01-05 | 2024-11-21 |
| CVE-2020-12252 | An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter. | [email protected] | 6.2 | 1.97% | 2020-04-29 | 2024-11-21 |
| CVE-2020-12251 | An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine. | [email protected] | 2.2 | 1.20% | 2020-04-29 | 2024-11-21 |