Lucene search
K

6 matches found

CVE
CVE
added 2022/03/07 2:43 p.m.105 views

CVE-2021-44216

CVE-2021-44216 affects Northern.tech CFEngine Enterprise: before 3.15.5 and, for 3.18.x, before 3.18.1, there are insecure permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. Upgrading to CFEngine Enterprise 3.15.5 or 3.18.1 (or newer) is the doc...

5.5CVSS5.3AI score0.00359EPSS
CVE
CVE
added 2022/03/07 2:43 p.m.93 views

CVE-2021-44215

CVE-2021-44215 and CVE-2021-44216 affect Northern.tech CFEngine Enterprise. CVE-2021-44215: CFEngine Enterprise 3.15.4 before 3.15.5 has insecure file permissions that may allow unauthorized local users to have an unspecified impact. CVE-2021-44216: CFEngine Enterprise versions before 3.15.5 and ...

5.5CVSS5.3AI score0.00349EPSS
CVE
CVE
added 2023/11/14 12:0 a.m.39 views

CVE-2023-45684

The CVE-2023-45684 issue affects Northern.tech CFEngine Enterprise, specifically the Mission Portal login page. A SQL Injection vulnerability exists in CFEngine Hub’s Mission Portal, with earliest affected version 3.6.0 and a broad range up to 3.18.5 (for the 3.6.0–3.18.5 line) and 3.21.0–3.21.2 ...

7.5CVSS7.6AI score0.00647EPSS
CVE
CVE
added 2026/05/14 12:0 a.m.23 views

CVE-2026-24712

CVE-2026-24712 affects Northern.tech CFEngine Enterprise and Community prior to 3.21.8, 3.24.3, and 3.27.0, where a component/flow allows Command injection. The connected documents confirm the vulnerability is present in those versions; no explicit root-cause details or remediation steps are prov...

7.3CVSS5.8AI score0.0092EPSS
CVE
CVE
added 2026/05/14 12:0 a.m.20 views

CVE-2026-24711

CVE-2026-24711 affects Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 with Incorrect Access Control. The NVD entry lists a CVSS v3.1 base score of 5.3 (Network, Low Confidentiality impact, No Integrity/Availability impact; privileges required: None; user interaction: None; sc...

5.3CVSS5.8AI score0.00208EPSS
CVE
CVE
added 2026/05/14 12:0 a.m.17 views

CVE-2026-24710

Northern.tech CFEngine Enterprise (and related CFEngine records) contains multiple CVEs affecting pre-3.21.8, 3.24.3, and 3.27.0. Specifically, CVE-2026-24710: CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS. Related CVEs CVE-2026-24711 and CVE-2026-24712 affect the same release ...

6.1CVSS5.8AI score0.0092EPSS