CVE-2024-56086

CVE-2024-56086 affects Logpoint pre-7.5.0. An authenticated user can inject payloads into report templates, which are executed during the backup process and lead to Remote Code Execution . Affected component is the report template handling within the Logpoint backup workflow; the root cause is un...

Logpoint 安全漏洞

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.5.0 that originates from an authenticated user being able to inject payloads into report templates that are executed when the backup process is initiated,...

CVE-2024-56086

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution...

CVE-2024-48950

An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication...

CVE-2024-48952

An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints...

CVE-2024-48951

An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery SSRF on SOAR can be used to leak Logpoint's API Token leading to authentication bypass...

CVE-2024-48953

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...

CVE-2024-48954

An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution...

CVE-2024-48953

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...

CVE-2024-48951

An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery SSRF on SOAR can be used to leak Logpoint's API Token leading to authentication bypass...

CVE-2024-48954

An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution...

CVE-2024-48950

An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication...

CVE-2024-48952

An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints...

CVE-2024-48953

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...

CVE-2024-48952

An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints...

Logpoint 安全漏洞

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.5.0, which stems from a server-side request forgery SSRF on SOAR that can be used to disclose Logpoint's API tokens, leading to authentication bypass...

CVE-2024-48950

An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication...

Logpoint 安全漏洞

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.5.0 that stems from SOAR's use of static JWT keys to generate tokens that allow an attacker to access SOAR API endpoints without authentication...

Logpoint 安全漏洞

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.5.0 that stems from a lack of proper authorization checks on endpoints used to create, edit, or delete third-party authentication modules, allowing...

CVE-2024-48950

Logpoint prior to 7.5.0 contains a vulnerability where an endpoint used by Distributed Logpoint Setup is exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication. Affected product: Logpoint (versions before 7.5.0). Root cause: exposed endpoint enabling CSRF/auth b...