Skip to main content

Mender

4 CVEs product

Monthly

CVE-2024-46948 MEDIUM PATCH This Month

Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Mender
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-32290 MEDIUM This Month

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mender
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-29556 CRITICAL Act Now

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Mender
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29555 HIGH This Week

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mender
NVD
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Mender
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mender
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Mender
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mender
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy