Vulnerabilities > Apache > Nifi

| Date | CVE | Vulnerability title | Summary | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-01-28 | CVE-2020-1928 | Information Exposure Through Log Files vulnerability in Apache NiFi 1.10.0 | An information disclosure vulnerability was found in Apache NiFi 1.10.0. | network | low | apache | CWE-532 | 5.3 |
| 2019-11-19 | CVE-2019-12421 | Insufficient Session Expiration vulnerability in Apache NiFi | When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. | network | low | apache | CWE-613 | 8.8 |
| 2019-11-19 | CVE-2019-10083 | Information Exposure vulnerability in Apache NiFi | When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the topmost level, not recursively). | network | low | apache | CWE-200 | 5.3 |
| 2019-11-19 | CVE-2019-10080 | XXE vulnerability in Apache NiFi | The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. | network | low | apache | CWE-611 | 6.5 |
| 2019-08-20 | CVE-2019-10086 | Deserialization of Untrusted Data vulnerability in multiple products | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | | | | | 7.3 |
| 2018-12-19 | CVE-2018-17195 | Incorrect Authorization vulnerability in Apache NiFi | The template upload API endpoint accepted requests from a different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. | network | high | apache | CWE-863 | 7.5 |
| 2018-12-19 | CVE-2018-17194 | Improper Input Validation vulnerability in Apache NiFi | When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. | network | low | apache | CWE-20 | 7.5 |
| 2018-12-19 | CVE-2018-17193 | Cross-site Scripting vulnerability in Apache NiFi | The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. | network | low | apache | CWE-79 | 6.1 |
| 2018-12-19 | CVE-2018-17192 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache NiFi | The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. | network | low | apache | CWE-1021 | 6.5 |
| 2018-05-23 | CVE-2018-1310 | Deserialization of Untrusted Data vulnerability in Apache NiFi | Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. | network | low | apache | CWE-502 | 7.5 |