PT-2025-18314 · Opencti · Opencti

Name of the Vulnerable Software and Affected Versions: OpenCTI versions 6.4.8 through 6.4.9 Description: The issue allows a user to bypass allow/deny lists and modify attributes that are intended to be unmodifiable. This includes toggling the external flag on/off, changing the own token value for...

CVE-2024-45404 OpenCTI's lack of Rate Limit lead to OTP brute forcing

OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...