Filtered by vendor Logpoint
Subscriptions
Filtered by product Logpoint
Subscriptions
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-30176 | 1 Logpoint | 1 Logpoint | 2024-11-21 | 5.3 Medium |
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets. | ||||
CVE-2022-48685 | 1 Logpoint | 1 Logpoint | 2024-11-21 | 7.7 High |
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. | ||||
CVE-2022-48684 | 1 Logpoint | 1 Logpoint | 2024-11-21 | 8.4 High |
An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user. | ||||
CVE-2024-48950 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 7.5 High |
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication. | ||||
CVE-2024-48951 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 7.5 High |
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass. | ||||
CVE-2024-48953 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 7.5 High |
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access. | ||||
CVE-2024-48954 | 1 Logpoint | 1 Logpoint | 2024-11-08 | 6.4 Medium |
An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. |
Page 1 of 1.