Mender Security Vulnerabilities and Issues — Mender CVE List

Lucene search

Northern.techMender

7 matches found

CVE•added 2022/04/28 8:15 p.m.•686 views

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.

9.8CVSS9.4AI score0.00428EPSS

CVE•added 2022/04/28 8:15 p.m.•516 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.

8.8CVSS8.6AI score0.00123EPSS

CVE•added 2022/07/06 12:15 p.m.•402 views

CVE-2022-32290

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of ...

4.3CVSS5AI score0.00069EPSS

CVE•added 2024/11/08 4:15 p.m.•56 views

CVE-2024-46948

Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.

5.3CVSS7.1AI score0.00069EPSS

CVE•added 2024/11/08 4:15 p.m.•51 views

CVE-2024-46947

Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.

6.5CVSS7AI score0.00079EPSS

CVE•added 2024/06/03 6:15 p.m.•43 views

CVE-2024-37019

Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.

9.8CVSS7.2AI score0.00327EPSS

CVE•added 2024/06/20 5:15 p.m.•38 views

CVE-2022-45929

Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.

8.8CVSS7.2AI score0.00162EPSS