Skip to main content

Immuta

4 CVEs product

Monthly

CVE-2020-15952 CRITICAL POC Act Now

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Immuta
NVD
CVSS 3.1
9.0
EPSS
1.5%
CVE-2020-15951 MEDIUM POC This Month

Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Immuta
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-15950 HIGH POC This Week

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Immuta
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15949 HIGH POC This Week

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Immuta
NVD
CVSS 3.1
7.5
EPSS
1.3%
EPSS 2% CVSS 9.0
CRITICAL POC Act Now

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Immuta
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Immuta
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Immuta
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Immuta
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy