Vulnerabilities > Apache > Nifi > 1.11.2

DATE: 2020-10-01
CVE: CVE-2020-9487
VULNERABILITY TITLE: Missing Authentication for Critical Function vulnerability in Apache Nifi
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content.
RISK: 5.0 (network, low complexity; apache; CWE-306)

DATE: 2020-10-01
CVE: CVE-2020-9486
VULNERABILITY TITLE: Information Exposure Through Log Files vulnerability in Apache Nifi
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values.
RISK: 5.0 (network, low complexity; apache; CWE-532)

DATE: 2020-10-01
CVE: CVE-2020-13940
VULNERABILITY TITLE: XXE vulnerability in Apache Nifi
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file.
RISK: 4.3 (network; apache; CWE-611)