CVE-2023-31056
- EPSS 0.18%
- Published 24.04.2023 03:15:07
- Last modified 04.02.2025 20:15:48
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.
CVE-2021-42776
- EPSS 0.18%
- Published 01.12.2021 17:15:07
- Last modified 21.11.2024 06:28:09
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.
CVE-2021-29995
- EPSS 1.73%
- Published 09.06.2021 15:15:08
- Last modified 21.11.2024 06:02:08
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5...
CVE-2021-30133
- EPSS 0.32%
- Published 09.06.2021 15:15:08
- Last modified 21.11.2024 06:03:22
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. Thi...