22 matches found
EUVD-2021-25056
Malware in sbrugna...
EUVD-2021-25057
Malware in sbrugna...
EUVD-2021-25055
Malware in sbrugna...
CVE-2021-38617
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation...
CVE-2021-38616
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more...
CVE-2021-38615
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information...
CVE-2021-38617
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation...
CVE-2021-38615
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information...
CVE-2021-38615
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information...
CVE-2021-38616
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more...
CVE-2021-38616
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more...
Cross-site request forgery (CSRF)
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more...
Privilege escalation
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation...
Information disclosure
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information...
CVE-2021-38616
CVE-2021-38616 affects Eigen NLP 3.10.1. The vulnerability arises from a lack of access control on the /auth/v1/user/{user-guid}/ endpoint, permitting a logged-in user to modify their own permissions via a user_permissions array in a PATCH request, and potentially allowing a guest to modify other us...
CVE-2021-38616
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more...
CVE-2021-38617
Eigen NLP 3.10.1 is affected. The issue stems from a lack of access control on the /auth/v1/user/ endpoint, allowing a standard user to create a superuser with a defined password, enabling privilege escalation. The CVSS data in the linked records indicates a high-severity impact (CVSS 3.1 base sc...
CVE-2021-38617
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation...
CVE-2021-38615
CVE-2021-38615 affects Eigen NLP 3.10.1, where a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint lets any logged-in user (guest, standard, or admin) view and modify information. The issue is tied to an insecure SSO config endpoint rather than to multiple products; CV...
CVE-2021-38615
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information...