4 matches found

CVE
added 2024/05/23 12:15 p.m. (96 views)

CVE-2024-26139

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web appl...

8.3 CVSS | 8.4 AI score | 0.00117 EPSS
CVE
added 2024/11/18 3:15 p.m. (89 views)

CVE-2024-37155

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characte...

8.2 CVSS | 6.4 AI score | 0.00471 EPSS
CVE
added 2024/12/12 2:2 a.m. (46 views)

CVE-2024-45404

OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the acco...

8.1 CVSS | 7.3 AI score | 0.00079 EPSS
CVE
added 2024/12/26 10:15 p.m. (42 views)

CVE-2024-45805

OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http:///s...

4.3 CVSS | 6.6 AI score | 0.00051 EPSS