) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): GigaVUE
- Search Type: Search All
- CPE Name Search: false
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-0746 |
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting. Published: March 10, 2023; 11:15:10 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2020-23250 |
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database. Published: January 05, 2021; 5:15:13 PM -0500 |
V3.1: 2.3 LOW V2.0: 2.1 LOW |
| CVE-2020-23249 |
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. Published: January 05, 2021; 5:15:13 PM -0500 |
V3.1: 4.7 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2020-12252 |
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter. Published: April 29, 2020; 10:15:19 AM -0400 |
V3.1: 6.2 MEDIUM V2.0: 6.0 MEDIUM |
| CVE-2020-12251 |
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine. Published: April 29, 2020; 10:15:18 AM -0400 |
V3.1: 2.2 LOW V2.0: 3.5 LOW |