Skip to main content

Cfengine

5 CVEs product

Monthly

CVE-2023-45684 HIGH This Week

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cfengine
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26560 MEDIUM This Month

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cfengine
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-38379 MEDIUM This Month

The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Cfengine
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-36756 MEDIUM PATCH This Month

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cfengine
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-9929 HIGH POC This Week

Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cfengine
NVD
CVSS 3.0
8.8
EPSS
2.0%
EPSS 1% CVSS 7.5
HIGH This Week

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cfengine
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cfengine
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Cfengine
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cfengine
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cfengine
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy