GemaltoCVEs & Vulnerabilities

26 CVEs affecting Gemalto products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

sentinel ldk rte 15sentinel ultrapro client library 3ezio ds3 server 3sentinel ldk 2safenet authentication service windows logon agent 2safenet authentication service iis agent 1safenet authentication service for outlook web app agent 1safenet authentication service for ad fs agent 1
CVE-2019-18232HIGH

SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system.

12 Dec 2019
7.8
CVSS
CVE-2019-8283MEDIUM

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.

7 Jun 2019
6.5
CVSS
CVE-2019-8282MEDIUM

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.

7 Jun 2019
5.3
CVSS
CVE-2019-9158MEDIUM

Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.

5 Jun 2019
5.7
CVSS
CVE-2019-9157MEDIUM

Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.

5 Jun 2019
5.7
CVSS
CVE-2019-9156HIGH

Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.

5 Jun 2019
8.0
CVSS
CVE-2019-6534HIGH

The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file.

12 Apr 2019
7.8
CVSS
CVE-2018-15492HIGH

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.

18 Aug 2018
7.5
CVSS
CVE-2018-8900MEDIUM

The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.

3 May 2018
6.1
CVSS
CVE-2018-6305HIGH

Denial of service in Gemalto's Sentinel LDK RTE version before 7.65

13 Mar 2018
7.5
CVSS
CVE-2018-6304HIGH

Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service

13 Mar 2018
7.5
CVSS
CVE-2015-7967HIGH

SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

3 Mar 2018
7.8
CVSS
CVE-2015-7966HIGH

SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965.

3 Mar 2018
7.8
CVSS
CVE-2015-7965HIGH

SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966.

3 Mar 2018
7.8
CVSS
CVE-2015-7964HIGH

SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

3 Mar 2018
7.8
CVSS
CVE-2015-7963HIGH

SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

3 Mar 2018
7.8
CVSS
CVE-2015-7962HIGH

SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

3 Mar 2018
7.8
CVSS
CVE-2015-7961HIGH

SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

3 Mar 2018
7.8
CVSS
CVE-2015-7598HIGH

SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

3 Mar 2018
7.8
CVSS
CVE-2015-7597HIGH

SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

3 Mar 2018
7.8
CVSS
CVE-2015-7596HIGH

SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

3 Mar 2018
7.8
CVSS
CVE-2017-11498HIGH

Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.

3 Oct 2017
7.5
CVSS
CVE-2017-11497CRITICAL

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.

3 Oct 2017
9.8
CVSS
CVE-2017-11496CRITICAL

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.

3 Oct 2017
9.8
CVSS
CVE-2017-6953HIGHpoc

Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.

8 May 2017
7.8
CVSS
CVE-2015-5464LOW

The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition.

22 Jul 2015
1.3
CVSS
← PrevPage 1 / 1Next →