Perforce

Helix Alm

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2024-11084

  • EPSS 0.05%
  • Published 15.04.2025 15:34:31
  • Last modified 15.04.2025 18:39:27

Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.

2

CVE-2024-3995

  • EPSS 0.05%
  • Published 28.06.2024 20:15:02
  • Last modified 21.11.2024 09:30:52

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.

4.9

CVE-2021-28973

Exploit
  • EPSS 0.24%
  • Published 13.04.2021 17:15:12
  • Last modified 21.11.2024 06:00:28

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.