Pexip: Security Vulnerabilities
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-09-25
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-09-25
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-09-25
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVSS Score
9.8
EPSS Score
0.009
Published
2020-09-24
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.
CVSS Score
9.8
EPSS Score
0.018
Published
2017-05-02
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
CVSS Score
7.1
EPSS Score
0.003
Published
2015-02-03
Page 5