Skip to main content

Natural Language Processing

3 CVEs product

Monthly

CVE-2021-38617 HIGH This Week

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Natural Language Processing
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-38616 HIGH This Week

{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Natural Language Processing
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-38615 HIGH This Week

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Natural Language Processing
NVD
CVSS 3.1
8.1
EPSS
0.9%
EPSS 1% CVSS 8.8
HIGH This Week

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Natural Language Processing
NVD
EPSS 1% CVSS 8.8
HIGH This Week

{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Natural Language Processing
NVD
EPSS 1% CVSS 8.1
HIGH This Week

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Natural Language Processing
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy