Flexense: >> Diskboss Security Vulnerabilities
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-02
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.
CVSS Score
8.1
EPSS Score
0.0
Published
2018-02-02
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.
CVSS Score
9.8
EPSS Score
0.42
Published
2018-01-12
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.
CVSS Score
7.5
EPSS Score
0.096
Published
2018-01-10
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
CVSS Score
7.8
EPSS Score
0.866
Published
2017-03-29