Skip to main content

Nifi Minifi C

2 CVEs product

Monthly

CVE-2023-41180 MEDIUM This Month

Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Nifi Minifi C
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2021-33191 CRITICAL Act Now

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Command Injection Nifi Minifi C
NVD
CVSS 3.1
9.8
EPSS
4.0%
EPSS 0% CVSS 5.9
MEDIUM This Month

Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Nifi Minifi C
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Command Injection Nifi Minifi C
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy