Skip to main content
CVE-2021-26908 LOW Monitor

Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Automox
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-31406 LOW PATCH Monitor

Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version. Rated low severity (CVSS 2.5).

CSRF Flow Vaadin
NVD GitHub
CVSS 3.1
2.5
EPSS
0.2%
CVE-2021-31404 LOW PATCH Monitor

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to. Rated low severity (CVSS 2.5).

CSRF Flow Vaadin
NVD GitHub
CVSS 3.1
2.5
EPSS
0.2%
CVE-2021-31403 LOW PATCH Monitor

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0. Rated low severity (CVSS 2.5).

CSRF Vaadin
NVD GitHub
CVSS 3.1
2.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy