6 matches found

CVE
added 2024/05/07 4:15 p.m., 51 views

CVE-2024-33858

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.

CVSS 5.3, AI score 7, EPSS 0.00245
CVE
added 2024/05/07 4:15 p.m., 49 views

CVE-2024-33857

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.

CVSS 9.6, AI score 6.7, EPSS 0.00219
CVE
added 2024/05/07 5:15 p.m., 48 views

CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.

CVSS 6.1, AI score 6.8, EPSS 0.00546
CVE
added 2024/05/07 5:15 p.m., 45 views

CVE-2024-33860

An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.

CVSS 6.5, AI score 6.9, EPSS 0.00246
CVE
added 2024/05/01 6:15 p.m., 44 views

CVE-2024-30176

In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.

CVSS 5.3, AI score 6.8, EPSS 0.00248
CVE
added 2024/05/07 4:15 p.m., 44 views

CVE-2024-33856

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.

CVSS 5.3, AI score 6.8, EPSS 0.00396