Filtered by vendor Fiware
Subscriptions
Filtered by product Keyrock
Subscriptions
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42167 | 1 Fiware | 1 Keyrock | 2024-08-29 | 9.1 Critical |
The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname. | ||||
CVE-2024-42166 | 1 Fiware | 1 Keyrock | 2024-08-29 | 9.1 Critical |
The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name. | ||||
CVE-2024-42165 | 1 Fiware | 1 Keyrock | 2024-08-29 | 6.3 Medium |
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | ||||
CVE-2024-42164 | 1 Fiware | 1 Keyrock | 2024-08-29 | 4.3 Medium |
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | ||||
CVE-2024-42163 | 1 Fiware | 1 Keyrock | 2024-08-29 | 8.3 High |
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. |
Page 1 of 1.