An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSiren Investigate
APPSiren< 12.1.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2023-35857CRITICAL9.8ten sam produkt
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
CVE-2021-36794CRITICAL9.8ten sam produkt
In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS veri...
CVE-2021-31216HIGH8.1ten sam produkt
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image pro...
CVE-2022-47543MEDIUM5.3ten sam produkt
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
CVE-2021-28938MEDIUM4.3ten sam vendor
Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-2...