
3 vulnerabilities by StormShield

CVE-2026-8482 (GCVE-0-2026-8482)

Vulnerability from cvelistv5 – Published: 2026-07-02 08:42 – Updated: 2026-07-02 12:20
Title
Information leak in NSRPC client history
Summary
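A vulnerability was discovered in StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included), and 5.0.0 to 5.0.5 (included). Secret information may leak if administration commands have been passed with the CLI command line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password. The record does not say whether the fixed releases remove entries that were already recorded, so secrets that were passed on the command line on an affected version should be treated as potentially exposed after upgrading.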
CWE
  • CWE-532 - Insertion of sensitive information into log file
Assigner
Impacted products
Vendor Product Version
Stormshield Stormshield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
Affected: 4.8.0 , ≤ 4.8.15 (semver)
Affected: 5.0.0 , ≤ 5.0.5 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-8482",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T12:20:06.574781Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T12:20:17.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Stormshield Network Security",
          "vendor": "Stormshield",
          "versions": [
            {
              "lessThanOrEqual": "4.3.41",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.8.15",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.5",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)\n\u003cbr\u003eThere is a possible leak of secret information if administration commands have been passed with the CLI command line tool.\n\u003cbr\u003eSomeone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)\n\nThere is a possible leak of secret information if administration commands have been passed with the CLI command line tool.\n\nSomeone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of sensitive information into log file",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T08:42:56.777Z",
        "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "shortName": "airbus"
      },
      "references": [
        {
          "url": "https://advisories.stormshield.eu/2025-007/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following updates fix this vulnerability:\u003cbr\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\n\u003c/li\u003e\u003cli\u003eSNS 4.8.16\n\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The following updates fix this vulnerability:\n  *  SNS 5.0.6\n\n  *  SNS 4.8.16\n\n  *  SNS 4.3.42"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Information leak in NSRPC client history",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
    "assignerShortName": "airbus",
    "cveId": "CVE-2026-8482",
    "datePublished": "2026-07-02T08:42:56.777Z",
    "dateReserved": "2026-05-13T14:04:22.661Z",
    "dateUpdated": "2026-07-02T12:20:17.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8480 (GCVE-0-2026-8480)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:52 – Updated: 2026-07-01 15:45
Title
Connection possible to the Administration portal with a revoked certificate
Summary
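A vulnerability was discovered in Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), and 5.0.2 EA to 5.0.5 (included). A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access. Note that the CVSS vector published with this record (C:L/I:N/A:N, base score 4.3) rates the impact lower than the administrative access described here, so the score alone should not drive prioritisation.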
CWE
  • CWE-295 - Improper certificate validation
Assigner
Impacted products
Vendor Product Version
Stormshield Stormshield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
Affected: 4.4.0 , ≤ 4.8.15 (semver)
Affected: 5.0.2 EA , ≤ 5.0.5 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-8480",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:44:58.262034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:45:32.124Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Stormshield Network Security",
          "vendor": "Stormshield",
          "versions": [
            {
              "lessThanOrEqual": "4.3.41",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.8.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.5",
              "status": "affected",
              "version": "5.0.2 EA",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability was discovered on Stormshield Network Security 4.3.0\u0026nbsp; to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)\u003c/p\u003e\u003cp\u003eA revoked client certificate can still be used to authenticate to the captive\u2011admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability was discovered on Stormshield Network Security 4.3.0\u00a0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)\n\n\n\nA revoked client certificate can still be used to authenticate to the captive\u2011admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper certificate validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:52:12.815Z",
        "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "shortName": "airbus"
      },
      "references": [
        {
          "url": "https://advisories.stormshield.eu/2026-002/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following updates fix this vulnerability:\u003cbr\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\n\u003c/li\u003e\u003cli\u003eSNS 4.8.16\n\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The following updates fix this vulnerability:\n  *  SNS 5.0.6\n\n  *  SNS 4.8.16\n\n  *  SNS 4.3.42"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Connection possible to the Administration portal with a revoked certificate",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
    "assignerShortName": "airbus",
    "cveId": "CVE-2026-8480",
    "datePublished": "2026-07-01T14:52:12.815Z",
    "dateReserved": "2026-05-13T13:48:21.232Z",
    "dateUpdated": "2026-07-01T15:45:32.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8474 (GCVE-0-2026-8474)

Vulnerability from cvelistv5 – Published: 2026-06-01 07:47 – Updated: 2026-06-01 13:05
Title
Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.
Summary
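A vulnerability was discovered in Stormshield Network Security versions 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5. It is possible to carry out a reflected XSS attack against the login API available on Stormshield SNS appliances, which results in a script executing on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites. Note that the CVSS vector published with this record (UI:N, C:N) does not match this description, which involves a victim and the theft of sensitive data, so the 5.3 base score should be read with that discrepancy in mind.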
CWE
  • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
Impacted products
Vendor Product Version
StormShield StormShield Network Security Affected: 4.3.0 , ≤ 4.3.41 (semver)
Affected: 4.8.0 , ≤ 4.8.15 (semver)
Affected: 5.0.0 , ≤ 5.0.5 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-8474",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T13:05:31.957702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T13:05:45.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StormShield Network Security",
          "vendor": "StormShield",
          "versions": [
            {
              "lessThanOrEqual": "4.3.41",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.8.15",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.5",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability was discovered on Stormshield Network Security\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.3.0 to 4.3.41,\u0026nbsp;\u003c/li\u003e\u003cli\u003e4.8.0 to 4.8.15,\u0026nbsp;\u003c/li\u003e\u003cli\u003e5.0.0 to 5.0.5\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIt is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim\u0027s machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability was discovered on Stormshield Network Security\u00a0\n\n\n\n\n\n  *  4.3.0 to 4.3.41,\u00a0\n  *  4.8.0 to 4.8.15,\u00a0\n  *  5.0.0 to 5.0.5\n\n\n\n\n\n\n\n\nIt is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim\u0027s machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T07:50:04.199Z",
        "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "shortName": "airbus"
      },
      "references": [
        {
          "url": "https://advisories.stormshield.eu/2026-003/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following updates fix this vulnerability:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSNS 5.0.6\u003c/li\u003e\u003cli\u003eSNS 4.8.16\u003c/li\u003e\u003cli\u003eSNS 4.3.42\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The following updates fix this vulnerability:\n\n  *  SNS 5.0.6\n  *  SNS 4.8.16\n  *  SNS 4.3.42"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
    "assignerShortName": "airbus",
    "cveId": "CVE-2026-8474",
    "datePublished": "2026-06-01T07:47:54.875Z",
    "dateReserved": "2026-05-13T13:10:26.492Z",
    "dateUpdated": "2026-06-01T13:05:45.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}