Lucene search

Citeum Opencti

8 matches found

CVE
added 2022/07/05 1:15 p.m., 488 views

CVE-2022-30290

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through th...

CVSS 7.5, AI score 7.4, EPSS 0.00224

CVE
added 2024/05/23 12:15 p.m., 96 views

CVE-2024-26139

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web appl...

CVSS 8.3, AI score 8.4, EPSS 0.00117

CVE
added 2024/11/18 3:15 p.m., 89 views

CVE-2024-37155

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characte...

CVSS 8.2, AI score 6.4, EPSS 0.00471

CVE
added 2025/05/05 5:18 p.m., 68 views

CVE-2025-24977

OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the mali...

CVSS 9.1, AI score 7.4, EPSS 0.00095

CVE
added 2022/07/05 12:15 p.m., 46 views

CVE-2022-30289

A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.

CVSS 5.4, AI score 5.2, EPSS 0.00195

CVE
added 2024/12/12 2:2 a.m., 46 views

CVE-2024-45404

OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the acco...

CVSS 8.1, AI score 7.3, EPSS 0.00079

CVE
added 2025/04/30 7:15 p.m., 45 views

CVE-2025-24887

OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change t...

CVSS 6.3, AI score 6.3, EPSS 0.00053

CVE
added 2024/12/26 10:15 p.m., 42 views

CVE-2024-45805

OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http:///s...

CVSS 4.3, AI score 6.6, EPSS 0.00051