3 matches found
CVE-2022-23610
CVE-2022-23610 affects wire-server before 2022-01-27, where an upstream library used for parsing/validating SAML XML could accept attacker-provided public keys as trusted in signatures. This enabled an attacker to bypass SAML SSO and impersonate any Wire user with SAML credentials, including crea...
CVE-2021-41119
CVE-2021-41119 affects Wire-server (back-end service). A denial-of-service vulnerability exists in pre-2022-03-01 releases where a crafted JSON object can trigger a hash collision, causing the parser to run in at least quadratic time and potentially exhaust server resources on heavily loaded inst...
CVE-2021-41100
CVE-2021-41100 affects Wire-server (Wire’s backing server). A short-lived session token in the Authorization header can be used to change a user’s email, which may enable account takeover due to subsequent password changes. Public details indicate that version 2021-08-16 and later added a new end...