6 matches found
CVE-2021-44216
CVE-2021-44216 affects Northern.tech CFEngine Enterprise: before 3.15.5 and, for 3.18.x, before 3.18.1, there are insecure permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. Upgrading to CFEngine Enterprise 3.15.5 or 3.18.1 (or newer) is the doc...
CVE-2021-44215
CVE-2021-44215 and CVE-2021-44216 affect Northern.tech CFEngine Enterprise. CVE-2021-44215: CFEngine Enterprise 3.15.4 before 3.15.5 has insecure file permissions that may allow unauthorized local users to have an unspecified impact. CVE-2021-44216: CFEngine Enterprise versions before 3.15.5 and ...
CVE-2023-45684
The CVE-2023-45684 issue affects Northern.tech CFEngine Enterprise, specifically the Mission Portal login page. A SQL Injection vulnerability exists in CFEngine Hub’s Mission Portal, with earliest affected version 3.6.0 and a broad range up to 3.18.5 (for the 3.6.0–3.18.5 line) and 3.21.0–3.21.2 ...
CVE-2026-24712
CVE-2026-24712 affects Northern.tech CFEngine Enterprise and Community prior to 3.21.8, 3.24.3, and 3.27.0, where a component/flow allows Command injection. The connected documents confirm the vulnerability is present in those versions; no explicit root-cause details or remediation steps are prov...
CVE-2026-24711
CVE-2026-24711 affects Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 with Incorrect Access Control. The NVD entry lists a CVSS v3.1 base score of 5.3 (Network, Low Confidentiality impact, No Integrity/Availability impact; privileges required: None; user interaction: None; sc...
CVE-2026-24710
Northern.tech CFEngine Enterprise (and related CFEngine records) contains multiple CVEs affecting pre-3.21.8, 3.24.3, and 3.27.0. Specifically, CVE-2026-24710: CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS. Related CVEs CVE-2026-24711 and CVE-2026-24712 affect the same release ...