Skip to main content

Nginx Api Connectivity Manager

3 CVEs product

Monthly

CVE-2024-10318 MEDIUM This Month

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Nginx Nginx Api Connectivity Manager Nginx Ingress Controller +2
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2023-28724 HIGH This Week

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nginx Nginx Api Connectivity Manager Nginx Instance Manager Nginx Security Monitoring
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-28656 HIGH This Week

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Authentication Bypass Cloud Backup Ontap Select Deploy Nginx Api Connectivity Manager +2
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 5.1
MEDIUM This Month

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Nginx +4
NVD
EPSS 0% CVSS 7.1
HIGH This Week

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nginx Nginx Api Connectivity Manager +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Authentication Bypass Cloud Backup +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy