Lucene search
K

92 matches found

CVE
CVE
added 2023/11/14 12:0 a.m.39 views

CVE-2023-45684

The CVE-2023-45684 issue affects Northern.tech CFEngine Enterprise, specifically the Mission Portal login page. A SQL Injection vulnerability exists in CFEngine Hub’s Mission Portal, with earliest affected version 3.6.0 and a broad range up to 3.18.5 (for the 3.6.0–3.18.5 line) and 3.21.0–3.21.2 ...

7.5CVSS7.6AI score0.00647EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2023/11/14 12:0 a.m.16 views

CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

7.5CVSS7.6AI score0.00647EPSS
Exploits0
Prion
Prion
added 2023/04/26 12:15 a.m.18 views

Design/Logic Flaw

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...

4CVSS6.1AI score0.00546EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.36 views

CVE-2023-26560

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...

6.3AI score0.00546EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.6 views

CVE-2023-26560

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...

6.3AI score0.00546EPSS
Exploits0References2
CVE
CVE
added 2023/04/25 12:0 a.m.61 views

CVE-2023-26560

Northern.tech CFEngine Enterprise before 3.21.1 is affected. A subset of authenticated users can abuse the Scheduled Reports feature to read arbitrary files and potentially discover credentials, impacting confidentiality. The issue is acknowledged across multiple sources; remediation available vi...

6.5CVSS6AI score0.00546EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/06 11:12 a.m.418 views

CVE-2022-32290

CVE-2022-32290 affects Northern.tech Mender client versions 3.2.0–3.2.2. The issue is incorrect access control where the Mender Client exposes an HTTP proxy on a non-localhost TCP port across all network interfaces. This allows any device on the same network to connect to the proxy and forward AP...

4.3CVSS5AI score0.00224EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/04/28 8:15 p.m.18 views

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...

9.8CVSS0.00958EPSS
Exploits0References2
NVD
NVD
added 2022/04/28 8:15 p.m.10 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

8.8CVSS0.00449EPSS
Exploits0References2
CVE
CVE
added 2022/04/28 7:48 p.m.702 views

CVE-2022-29556

CVE-2022-29556 affects the iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2. The vulnerability arises from the Azure IoT Hub integration, which exposes SSRF primitives that can be used to execute cross-tenant actions via internal API endpoints. This leads to potentia...

9.8CVSS9.4AI score0.00958EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/28 7:48 p.m.36 views

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...

9.7AI score0.00958EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/04/28 7:44 p.m.18 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

8.9AI score0.00449EPSS
Exploits0References2
CVE
CVE
added 2022/04/28 7:44 p.m.527 views

CVE-2022-29555

CVE-2022-29555 affects the Deviceconnect microservice (Northern.tech Mender Enterprise) up to version 1.3.0, prior to 3.2.2, enabling Cross-Origin Websocket Hijacking. Attack vector is network; CVSSv3 base score 8.8 (HIGH) with UI required. Remediation: upgrade to Mender Enterprise 3.2.2 or later...

8.8CVSS8.6AI score0.00449EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.8 views

Northern.tech Mender Enterprise 代码问题漏洞

Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from the iot-manager microservice 1.0.0 that allows SSRF because the Azure IoT Hub integration...

9.8CVSS8.2AI score0.00958EPSS
Exploits0References3
OSV
OSV
added 2022/03/10 5:44 p.m.37 views

CVE-2021-44216

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...

5.5CVSS5.4AI score0.00359EPSS
Exploits2References2
OSV
OSV
added 2022/03/10 5:44 p.m.17 views

CVE-2021-44215

Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact...

5.5CVSS5.4AI score0.00359EPSS
Exploits2References2
AlpineLinux
AlpineLinux
added 2022/03/10 5:44 p.m.69 views

CVE-2021-44216

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...

5.5CVSS4AI score0.00359EPSS
Exploits2
Prion
Prion
added 2022/03/10 5:44 p.m.23 views

Code injection

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...

2.1CVSS5.4AI score0.00359EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.4 views

Northern.tech CFEngine 安全漏洞

Northern.tech CFEngine is an IT infrastructure configuration management and automation framework. A security vulnerability exists in Northern.tech CFEngine Enterprise versions prior to 3.15.4 3.15.5 that allows unauthorized local users to have an unspecified impact...

5.5CVSS5.8AI score0.00359EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.6 views

Northern.tech CFEngine 安全漏洞

Northern.tech CFEngine is an IT infrastructure configuration management and automation framework. A security vulnerability exists in Northern.tech CFEngine Enterprise versions prior to 3.15.5 that allows unauthorized local users to access Apache and Mission Portal log files...

5.5CVSS5.7AI score0.00359EPSS
Exploits2References3
Rows per page
Query Builder