Vulnerabilities > Couchbase > Couchbase Server > 5.1.1

DATE CVE VULNERABILITY TITLE RISK
2020-02-22 CVE-2020-9039 Incorrect Default Permissions vulnerability in Couchbase Server
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles.
network
low complexity
couchbase CWE-276
critical
 9.8
9.8
2019-09-10 CVE-2019-11495 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Couchbase Server 5.1.1
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely.
network
low complexity
couchbase CWE-335
critical
 9.8
9.8