5 matches found
CVE-2022-29555
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.
CVE-2024-46948
Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.
CVE-2024-46947
Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.
CVE-2024-37019
Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.
CVE-2022-45929
Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.