CVE-2024-37155
- EPSS 0.14%
- Veröffentlicht 18.11.2024 15:15:06
- Zuletzt bearbeitet 22.05.2025 15:50:04
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra wh...
CVE-2024-26139
- EPSS 0.16%
- Veröffentlicht 23.05.2024 12:15:09
- Zuletzt bearbeitet 22.05.2025 18:07:52
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges c...
CVE-2022-30290
- EPSS 0.34%
- Veröffentlicht 05.07.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 07:02:30
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, e...
CVE-2022-30289
- EPSS 0.28%
- Veröffentlicht 05.07.2022 12:15:08
- Zuletzt bearbeitet 21.11.2024 07:02:30
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the f...