cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3544,https://securityvulnerability.io/vulnerability/CVE-2024-3544,Unauthenticated Attackers Can Perform Actions Using SSH Private Keys,"The vulnerability allows unauthenticated attackers to exploit SSH private keys when they have access to the same network as a machine within a High Availability (HA) or Cluster group. By simply knowing an IP address, attackers can perform unauthorized actions that could compromise the integrity and availability of the system. Kemp Technologies has addressed this issue by implementing enhanced security measures for LoadMaster partner communications. The update mandates a shared secret exchange between partners, ensuring secure communication and mitigating the risk of unauthorized access.",Progress Software,Loadmaster,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-02T14:08:06.683Z,0
CVE-2024-3543,https://securityvulnerability.io/vulnerability/CVE-2024-3543,Attackers Can Easily Decrypt and Use Stolen Passwords to Corrupt the System,"
Use of reversible password encryption algorithm allows attackers to decrypt passwords.  Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.

",Progress Software,Loadmaster,6.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-02T14:05:26.748Z,0
CVE-2024-2449,https://securityvulnerability.io/vulnerability/CVE-2024-2449,LoadMaster Cross-Site Request Forgery Vulnerability,"A cross-site request forgery vulnerability has been discovered in LoadMaster, a leading application delivery controller from Kemp Technologies. This flaw permits a malicious actor to exploit the knowledge of an authenticated LoadMaster administrator's IP address or hostname, redirecting them to a malicious third-party site. Once on the site, the CSRF payload could initiate unauthorized HTTP transactions on behalf of the administrator without their consent. Proper measures and best practices are essential to mitigate this type of attack and protect sensitive information.",Progress Software,Loadmaster,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-22T13:35:39.103Z,0
CVE-2024-2448,https://securityvulnerability.io/vulnerability/CVE-2024-2448,OS Command Injection Vulnerability in LoadMaster,"A vulnerability has been identified in LoadMaster, developed by Kemp Technologies, that allows OS command injection through a compromised user interface. An authenticated user with any permission settings can exploit this flaw by injecting commands into the UI component, potentially leading to unintended command execution on the operating system level. This vulnerability underscores the importance of rigorous access controls and regular updates to maintain system integrity and security.",Progress Software,Loadmaster,8.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-22T13:32:43.657Z,0
CVE-2024-1212,https://securityvulnerability.io/vulnerability/CVE-2024-1212,Remote Attackers Can Execute Arbitrary System Commands via LoadMaster Management Interface,"The LoadMaster management interface in Kemp Technologies products has a vulnerability that allows unauthenticated remote attackers to gain access. This weakness can be exploited to execute arbitrary system commands, potentially compromising the integrity and security of the affected systems. Organizations using LoadMaster are advised to apply the necessary security updates to mitigate the risk associated with this vulnerability.",Progress Software,Loadmaster,9.8,CRITICAL,0.9361100196838379,true,true,false,true,true,true,true,2024-02-21T17:39:12.599Z,6881