Known Vulnerabilities for products from Stormshield
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Stormshield".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23989 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-15 | 2022-03-24 |
| CVE-2022-22703 | In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log ... | 5.5 - MEDIUM | 2022-01-17 | 2022-01-24 |
| CVE-2021-37613 | Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | 6.5 - MEDIUM | 2022-02-10 | 2022-02-17 |
| CVE-2021-35957 | Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administra... | 6.7 - MEDIUM | 2021-07-13 | 2021-07-15 |
| CVE-2021-31814 | In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive... | 6.1 - MEDIUM | 2022-02-10 | 2023-08-08 |
| CVE-2021-31617 | In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3... | 9.8 - CRITICAL | 2022-01-31 | 2022-02-07 |
| CVE-2021-31225 | SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to... | 7.3 - HIGH | 2021-07-13 | 2021-07-15 |
| CVE-2021-31224 | SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only acc... | 3.5 - LOW | 2021-07-13 | 2021-07-15 |
| CVE-2021-31223 | SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the admin... | 5.7 - MEDIUM | 2021-07-13 | 2021-07-15 |
| CVE-2021-31222 | SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the admi... | 5.7 - MEDIUM | 2021-07-13 | 2021-07-15 |
| CVE-2021-31221 | SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the admi... | 5.7 - MEDIUM | 2021-07-13 | 2021-07-15 |
| CVE-2021-31220 | SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to secur... | 5.2 - MEDIUM | 2021-07-13 | 2021-07-15 |
| CVE-2021-28962 | Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | 7.2 - HIGH | 2022-01-31 | 2022-07-12 |
| CVE-2021-28665 | Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead... | 7.5 - HIGH | 2021-05-06 | 2022-07-12 |
| CVE-2021-28127 | An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | 7.5 - HIGH | 2021-07-01 | 2021-07-07 |
| CVE-2021-28096 | An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connecti... | 5.3 - MEDIUM | 2022-01-27 | 2022-02-04 |
| CVE-2021-27932 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2023-08-25 | 2023-08-31 |
| CVE-2021-27506 | The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in ... | 5.5 - MEDIUM | 2021-03-19 | 2022-07-01 |
| CVE-2021-3398 | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | 5.8 - MEDIUM | 2022-02-10 | 2022-02-23 |
| CVE-2021-3384 | A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables man... | 5.3 - MEDIUM | 2021-03-02 | 2021-03-09 |
Known software with vulnerabilities from Stormshield
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Stormshield | Stormshield Network Security | 2.0.0 |