MidnightBSD

Advisories for loadbalancer

CVE-2018-18864 HIGH

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
loadbalancer enterprise_va_max *
CVE-2020-13377

The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.

Products Affected

Vendor Product Version
loadbalancer enterprise_va_max *
CVE-2020-13378

Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.

Products Affected

Vendor Product Version
loadbalancer enterprise_va_max *