Lucene search

K

Neo4j Security Vulnerabilities

cve
cve

CVE-2022-23532

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export.* procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...

7.1CVSS

6.5AI Score

0.001EPSS

2023-01-14 01:15 AM
70
cve
cve

CVE-2023-23926

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 (4.4 branch) in Neo4j graph database. XML External Entity (XXE) injection occurs when...

8.1CVSS

8AI Score

0.002EPSS

2023-02-16 04:15 PM
24
cve
cve

CVE-2018-1000820

neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit...

10CVSS

9.4AI Score

0.002EPSS

2022-10-03 04:21 PM
44
cve
cve

CVE-2018-18389

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary...

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-03 04:22 PM
46
cve
cve

CVE-2022-37423

Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via...

7.5CVSS

7.5AI Score

0.002EPSS

2022-08-12 03:15 PM
69
4
cve
cve

CVE-2021-42767

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and...

9.1CVSS

8.6AI Score

0.002EPSS

2022-03-01 02:15 AM
102
2
cve
cve

CVE-2021-34371

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget...

9.8CVSS

9.8AI Score

0.062EPSS

2021-08-05 08:15 PM
70
2
cve
cve

CVE-2021-34802

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated...

8.8CVSS

8.7AI Score

0.001EPSS

2021-07-30 02:15 PM
50
4
cve
cve

CVE-2013-7259

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2)...

8AI Score

0.01EPSS

2014-04-29 02:38 PM
24