Vulnerabilities > Acquia > Mautic > 4.4.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-18 | CVE-2022-25770 | Missing Authentication for Critical Function vulnerability in Acquia Mautic Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable. | 7.5 |
| 2024-09-18 | CVE-2022-25768 | Missing Authorization vulnerability in Acquia Mautic The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. | 6.5 |
| 2024-09-18 | CVE-2022-25777 | Server-Side Request Forgery (SSRF) vulnerability in Acquia Mautic Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. | 6.5 |