Skip to main content

Cloverdx

4 CVEs product

Monthly

CVE-2023-31056 MEDIUM This Month

CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloverdx
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-42776 HIGH This Week

CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cloverdx
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2021-30133 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Cloverdx
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29995 HIGH POC This Week

A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cloverdx
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.2%
EPSS 1% CVSS 6.5
MEDIUM This Month

CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloverdx
NVD
EPSS 1% CVSS 7.7
HIGH This Week

CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cloverdx
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Cloverdx
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cloverdx
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy