Skip to main content

Investigate

3 CVEs product

Monthly

CVE-2023-35857 CRITICAL Act Now

In Siren Investigate before 13.2.2, session keys remain active even after logging out. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Investigate
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-36794 CRITICAL Act Now

In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Investigate
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-31216 HIGH PATCH This Week

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Investigate
NVD
CVSS 3.1
8.1
EPSS
0.7%
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Siren Investigate before 13.2.2, session keys remain active even after logging out. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Investigate
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Investigate
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Investigate
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy