Filtered by vendor Logpoint Subscriptions
Filtered by product Logpoint Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-30176 1 Logpoint 1 Logpoint 2024-11-21 5.3 Medium
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
CVE-2022-48685 1 Logpoint 1 Logpoint 2024-11-21 7.7 High
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation.
CVE-2022-48684 1 Logpoint 1 Logpoint 2024-11-21 8.4 High
An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user.
CVE-2024-48954 1 Logpoint 1 Logpoint 2024-11-08 6.4 Medium
An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution.
CVE-2024-48953 1 Logpoint 1 Logpoint 2024-11-08 7.5 High
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.
CVE-2024-48950 1 Logpoint 1 Logpoint 2024-11-08 7.5 High
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
CVE-2024-48951 1 Logpoint 1 Logpoint 2024-11-08 7.5 High
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass.