Vulnerabilities > Apache > Nifi > 1.15.0

DATE CVE VULNERABILITY TITLE RISK
2022-04-06 CVE-2022-26850 Exposure of Resource to Wrong Sphere vulnerability in Apache Nifi 1.14.0/1.15.0/1.15.3
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory.
network
low complexity
apache CWE-668
4.3
2021-12-17 CVE-2021-44145 Information Exposure vulnerability in Apache Nifi
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
network
low complexity
apache CWE-200
6.5
2019-08-20 CVE-2019-10086 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.
7.3