Filtered by vendor Logpoint
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-30176 | 1 Logpoint | 1 Logpoint | 2024-11-21 | 5.3 Medium |
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets. | ||||
CVE-2023-49950 | 1 Logpoint | 1 Siem | 2024-11-21 | 5.4 Medium |
The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | ||||
CVE-2022-48685 | 1 Logpoint | 1 Logpoint | 2024-11-21 | 7.7 High |
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. | ||||
CVE-2022-48684 | 1 Logpoint | 1 Logpoint | 2024-11-21 | 8.4 High |
An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user. | ||||
CVE-2024-48953 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 7.5 High |
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access. | ||||
CVE-2024-48950 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 7.5 High |
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication. | ||||
CVE-2024-48951 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 7.5 High |
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass. | ||||
CVE-2024-48954 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 6.4 Medium |
An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. |
Page 1 of 1.