Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.
oryginał ENAV:N/AC:M/Au:N/C:P/I:P/A:PNeo4j
APPNeo4J1.9.2
Powiązane podatności
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java...
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP fo...
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an a...
Niepoprawne rozwiązywanie przestrzeni nazw w złożonych bazach danych w Neo4j Enterprise edition w wersjach prz...
Niedostateczne maskowanie znaków unicode w dzienniku zapytań w Neo4j Enterprise i Community w wersjach przed 2...