Silver-peak Unity Orchestrator — known CVE vulnerabilities
Every CVE whose affected-product data names Silver-peak Unity Orchestrator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-12145 — CVSS 6.6 (medium): Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from…
CVE-2020-12146 — CVSS 6.6 (medium): In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete…
CVE-2020-12147 — CVSS 6.6 (medium): In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries…
CVE-2020-12143 — CVSS 6.0 (medium): The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a…
CVE-2020-12144 — CVSS 6.0 (medium): The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone…
CVE-2020-12142 — CVSS 4.8 (medium): 1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin…