Extreme Platform One
Approved changes feed: RSS · Atom
cpe:2.3:a:extreme_networks:extreme_platform_one:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Extreme Networks (81813fdd-a51c-501d-9c23-17f49e57a1df) |
|---|---|
| Product | Extreme Platform One (d8ad50b9-0778-5517-af01-5eb3c176fde2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-9831 |
vulnerable | 2026-06-08 08:08:59.094819 |
ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition
MEDIUM (6.3)
A race condition in the shared Extreme Platform
ONE IAM Gateway API-key authentication path could, under specific
high-concurrency traffic conditions, intermittently allow requests
authenticated with an Extreme Platform ONE /IAM-issued API key to receive
response data for another tenant. The issue was observed through ExtremeCloud
IQ/XIQ API endpoints and validated against both XIQ/XAPI and Extreme Platform ONE
/Common Services API paths. XIQ-native tokens and standard OAuth/Bearer JWT
authentication were not affected.
Published: 2026-05-29T21:19:17.118Z
Updated: 2026-06-01T13:53:05.140Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.