Huntflow Security Vulnerabilities

CVE-2021-37935

An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching....

CVSS: 7.5

AI Score: 7.2

EPSS: 0.003

2021-12-10 05:15 PM

CVE-2021-37934

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password...

CVSS: 9.8

AI Score: 9.4

EPSS: 0.011

2021-12-10 05:15 PM

CVE-2021-37933

An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it.....

CVSS: 7.5

AI Score: 7.8

EPSS: 0.002

2021-10-14 04:15 PM